From ea0c3db8e1753fcab997c3909e7b763094f42d57 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 8 Feb 2023 13:23:45 -0500 Subject: [PATCH 01/62] upgrade influxdb --- pillar/data/addtotab.sh | 2 - salt/allowed_states.map.jinja | 4 - .../sbin/so-grafana-dashboard-folder-delete | 20 - salt/common/tools/sbin/so-grafana-restart | 12 - salt/common/tools/sbin/so-grafana-start | 12 - salt/common/tools/sbin/so-grafana-stop | 12 - salt/common/tools/sbin/so-image-common | 1 - salt/docker/defaults.yaml | 4 - salt/firewall/containers.map.jinja | 1 - .../dashboards/common_template.json.jinja | 64 - salt/grafana/etc/dashboards/dashboard.yml | 12 - salt/grafana/etc/datasources/influxdb.yaml | 17 - salt/grafana/etc/files/readme.txt | 1 - salt/grafana/etc/grafana.ini.jinja | 12 - salt/grafana/grafana_defaults.yaml | 3147 ----------------- salt/grafana/init.sls | 164 - ...u_docker_combined_current_graph.json.jinja | 223 -- ...cpu_docker_combined_trend_graph.json.jinja | 220 -- .../panels/cpu_usage_current_graph.json.jinja | 150 - .../grafana/panels/cpu_usage_guage.json.jinja | 126 - .../cpu_usage_tasks_all_graph.json.jinja | 193 - .../cpu_usage_tasks_blocked_graph.json.jinja | 124 - .../cpu_usage_tasks_paging_graph.json.jinja | 124 - .../cpu_usage_tasks_running_graph.json.jinja | 124 - .../cpu_usage_tasks_sleeping_graph.json.jinja | 124 - .../cpu_usage_tasks_stopped_graph.json.jinja | 124 - .../cpu_usage_tasks_unknown_graph.json.jinja | 124 - .../cpu_usage_tasks_zombies_graph.json.jinja | 124 - .../panels/disk_io_bytes_graph.json.jinja | 189 - .../panels/disk_io_requests_graph.json.jinja | 190 - .../panels/disk_io_time_graph.json.jinja | 189 - .../panels/disk_usage_nsm_graph.json.jinja | 211 -- .../disk_usage_nsm_percent_graph.json.jinja | 149 - .../panels/disk_usage_root_graph.json.jinja | 211 -- .../disk_usage_root_percent_graph.json.jinja | 149 - ...sticsearch_document_count_graph.json.jinja | 193 - ...rch_field_data_cache_size_graph.json.jinja | 191 - ..._ingest_performance_nontc_graph.json.jinja | 796 ----- ...rch_ingest_performance_tc_graph.json.jinja | 793 ----- ...earch_pipeline_time_nontc_graph.json.jinja | 153 - ...icsearch_pipeline_time_tc_graph.json.jinja | 129 - .../elasticsearch_store_size_graph.json.jinja | 195 - ...lasticsearch_thread_count_graph.json.jinja | 192 - .../panels/influxdb_db_size_graph.json.jinja | 191 - salt/grafana/panels/io_wait_graph.json.jinja | 148 - salt/grafana/panels/io_wait_stat.json.jinja | 125 - .../load_average_5_minute_stat.json.jinja | 118 - .../panels/load_averages_graph.json.jinja | 187 - ...gstash_eps_in_out_manager_graph.json.jinja | 403 --- ...logstash_estimated_eps_in_graph.json.jinja | 230 -- .../logstash_estimated_eps_in_stat.json.jinja | 136 - ...sh_estimated_eps_in_total_graph.json.jinja | 156 - ...ogstash_estimated_eps_out_graph.json.jinja | 230 -- ...logstash_estimated_eps_out_stat.json.jinja | 136 - ...h_estimated_eps_out_total_graph.json.jinja | 156 - ...ing_eps_in_out_searchnode_graph.json.jinja | 411 --- ...g_eps_in_searchnode_total_graph.json.jinja | 170 - ...anagement_interface_drops_graph.json.jinja | 282 -- ...t_interface_drops_inbound_graph.json.jinja | 142 - ..._interface_drops_outbound_graph.json.jinja | 142 - ...agement_interface_packets_graph.json.jinja | 283 -- ...nt_interface_traffic_both_graph.json.jinja | 409 --- ...interface_traffic_inbound_graph.json.jinja | 164 - ...nterface_traffic_outbound_graph.json.jinja | 162 - .../panels/memory_usage_graph.json.jinja | 208 -- .../memory_usage_percent_graph.json.jinja | 139 - ...d_docker_combined_current_graph.json.jinja | 143 - ...sed_docker_combined_trend_graph.json.jinja | 143 - .../monitor_interface_drops_graph.json.jinja | 282 -- ...r_interface_drops_inbound_graph.json.jinja | 125 - ...monitor_interface_packets_graph.json.jinja | 282 -- ...or_interface_traffic_both_graph.json.jinja | 276 -- ...interface_traffic_inbound_graph.json.jinja | 167 - ...ace_traffic_inbound_total_graph.json.jinja | 178 - .../monitor_interface_traffic_stat.json.jinja | 152 - ...e_docker_combined_current_graph.json.jinja | 232 -- ...age_docker_combined_trend_graph.json.jinja | 231 -- salt/grafana/panels/nsm_used_guage.json.jinja | 121 - .../panels/pcap_retention_stat.json.jinja | 113 - .../panels/process_status_graph.json.jinja | 203 -- .../grafana/panels/ram_usage_guage.json.jinja | 114 - .../panels/redis_queue_graph.json.jinja | 208 -- .../panels/redis_queue_stat.json.jinja | 95 - .../panels/rootfs_used_guage.json.jinja | 121 - salt/grafana/panels/row_cpu.json.jinja | 15 - salt/grafana/panels/row_disk_iops.json.jinja | 22 - salt/grafana/panels/row_disk_usage.json.jinja | 15 - .../panels/row_docker_details.json.jinja | 15 - .../panels/row_elasticsearch.json.jinja | 15 - salt/grafana/panels/row_influxdb.json.jinja | 15 - salt/grafana/panels/row_logstash.json.jinja | 15 - salt/grafana/panels/row_memory.json.jinja | 15 - salt/grafana/panels/row_network.json.jinja | 15 - salt/grafana/panels/row_overview.json.jinja | 15 - .../grafana/panels/row_packet_loss.json.jinja | 15 - salt/grafana/panels/row_redis.json.jinja | 15 - .../panels/row_stenographer.json.jinja | 15 - salt/grafana/panels/row_suricata.json.jinja | 15 - salt/grafana/panels/row_swap.json.jinja | 15 - salt/grafana/panels/row_zeek.json.jinja | 15 - .../stenographer_packet_loss_graph.json.jinja | 229 -- .../stenographer_packet_loss_stat.json.jinja | 114 - ...enographer_pcap_retention_graph.json.jinja | 207 -- .../suricata_packet_loss_graph.json.jinja | 241 -- .../suricata_packet_loss_stat.json.jinja | 120 - .../panels/swap_io_bytes_graph.json.jinja | 187 - .../panels/swap_usage_bytes_graph.json.jinja | 184 - .../panels/swap_usage_guage.json.jinja | 115 - .../swap_usage_percent_graph.json.jinja | 141 - salt/grafana/panels/system_uptime.json.jinja | 91 - .../panels/system_uptime_graph.json.jinja | 148 - ...e_docker_combined_current_graph.json.jinja | 168 - ...ime_docker_combined_trend_graph.json.jinja | 165 - .../panels/zeek_capture_loss_graph.json.jinja | 203 -- .../panels/zeek_packet_loss_graph.json.jinja | 244 -- .../panels/zeek_packet_loss_stat.json.jinja | 120 - .../zeek_restarts_healthcheck_stat.json.jinja | 93 - salt/grafana/soc_grafana.yaml | 49 - salt/grafana/templates/cluster_name.json | 25 - salt/grafana/templates/containers.json | 29 - salt/grafana/templates/cpucount.json | 24 - salt/grafana/templates/disk.json | 39 - salt/grafana/templates/manint.json | 29 - salt/grafana/templates/monint.json | 29 - salt/grafana/templates/role.json | 29 - salt/grafana/templates/searchnode.json | 25 - salt/grafana/templates/servername.json | 34 - salt/influxdb/config.yaml.jinja | 4 + salt/influxdb/defaults.yaml | 219 +- salt/influxdb/etc/influxdb.conf.jinja | 26 - salt/influxdb/init.sls | 100 +- salt/influxdb/map.jinja | 9 - salt/influxdb/soc_influxdb.yaml | 668 ++-- salt/nginx/etc/nginx.conf | 11 +- salt/soc/defaults.yaml | 8 +- salt/soc/merged.map.jinja | 5 - salt/telegraf/init.sls | 2 +- salt/top.sls | 4 - setup/automation/distributed-airgap-manager | 1 - setup/automation/distributed-airgap-search | 1 - setup/automation/distributed-airgap-sensor | 1 - setup/automation/distributed-cloud-manager | 1 - setup/automation/distributed-cloud-search | 1 - setup/automation/distributed-cloud-sensor | 1 - setup/automation/distributed-iso-manager | 1 - setup/automation/distributed-iso-search | 1 - setup/automation/distributed-iso-sensor | 1 - .../automation/distributed-net-centos-manager | 1 - .../automation/distributed-net-centos-search | 1 - .../automation/distributed-net-centos-sensor | 1 - .../automation/distributed-net-ubuntu-manager | 1 - .../automation/distributed-net-ubuntu-search | 1 - .../automation/distributed-net-ubuntu-sensor | 1 - .../distributed-net-ubuntu-suricata-manager | 1 - .../distributed-net-ubuntu-suricata-search | 1 - .../distributed-net-ubuntu-suricata-sensor | 1 - setup/automation/eval-airgap | 1 - setup/automation/eval-cloud | 1 - setup/automation/eval-iso | 1 - setup/automation/eval-net-centos | 1 - setup/automation/eval-net-ubuntu | 1 - setup/automation/import-airgap | 1 - setup/automation/import-cloud | 1 - setup/automation/import-iso | 1 - setup/automation/import-net-centos | 1 - setup/automation/import-net-ubuntu | 1 - setup/automation/standalone-airgap | 1 - setup/automation/standalone-cloud | 1 - setup/automation/standalone-iso | 1 - setup/automation/standalone-iso-logscan | 1 - setup/automation/standalone-iso-suricata | 1 - setup/automation/standalone-net-centos | 1 - setup/automation/standalone-net-centos-proxy | 1 - setup/automation/standalone-net-ubuntu | 1 - setup/so-functions | 9 +- 175 files changed, 431 insertions(+), 21108 deletions(-) delete mode 100755 salt/common/tools/sbin/so-grafana-dashboard-folder-delete delete mode 100755 salt/common/tools/sbin/so-grafana-restart delete mode 100755 salt/common/tools/sbin/so-grafana-start delete mode 100755 salt/common/tools/sbin/so-grafana-stop delete mode 100644 salt/grafana/dashboards/common_template.json.jinja delete mode 100644 salt/grafana/etc/dashboards/dashboard.yml delete mode 100644 salt/grafana/etc/datasources/influxdb.yaml delete mode 100644 salt/grafana/etc/files/readme.txt delete mode 100644 salt/grafana/etc/grafana.ini.jinja delete mode 100644 salt/grafana/grafana_defaults.yaml delete mode 100644 salt/grafana/init.sls delete mode 100644 salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja delete mode 100644 salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja delete mode 100644 salt/grafana/panels/cpu_usage_current_graph.json.jinja delete mode 100644 salt/grafana/panels/cpu_usage_guage.json.jinja delete mode 100644 salt/grafana/panels/cpu_usage_tasks_all_graph.json.jinja delete mode 100644 salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja delete mode 100644 salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja delete mode 100644 salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja delete mode 100644 salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja delete mode 100644 salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja delete mode 100644 salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja delete mode 100644 salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja delete mode 100644 salt/grafana/panels/disk_io_bytes_graph.json.jinja delete mode 100644 salt/grafana/panels/disk_io_requests_graph.json.jinja delete mode 100644 salt/grafana/panels/disk_io_time_graph.json.jinja delete mode 100644 salt/grafana/panels/disk_usage_nsm_graph.json.jinja delete mode 100644 salt/grafana/panels/disk_usage_nsm_percent_graph.json.jinja delete mode 100644 salt/grafana/panels/disk_usage_root_graph.json.jinja delete mode 100644 salt/grafana/panels/disk_usage_root_percent_graph.json.jinja delete mode 100644 salt/grafana/panels/elasticsearch_document_count_graph.json.jinja delete mode 100644 salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja delete mode 100644 salt/grafana/panels/elasticsearch_ingest_performance_nontc_graph.json.jinja delete mode 100644 salt/grafana/panels/elasticsearch_ingest_performance_tc_graph.json.jinja delete mode 100644 salt/grafana/panels/elasticsearch_pipeline_time_nontc_graph.json.jinja delete mode 100644 salt/grafana/panels/elasticsearch_pipeline_time_tc_graph.json.jinja delete mode 100644 salt/grafana/panels/elasticsearch_store_size_graph.json.jinja delete mode 100644 salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja delete mode 100644 salt/grafana/panels/influxdb_db_size_graph.json.jinja delete mode 100644 salt/grafana/panels/io_wait_graph.json.jinja delete mode 100644 salt/grafana/panels/io_wait_stat.json.jinja delete mode 100644 salt/grafana/panels/load_average_5_minute_stat.json.jinja delete mode 100644 salt/grafana/panels/load_averages_graph.json.jinja delete mode 100644 salt/grafana/panels/logstash_eps_in_out_manager_graph.json.jinja delete mode 100644 salt/grafana/panels/logstash_estimated_eps_in_graph.json.jinja delete mode 100644 salt/grafana/panels/logstash_estimated_eps_in_stat.json.jinja delete mode 100644 salt/grafana/panels/logstash_estimated_eps_in_total_graph.json.jinja delete mode 100644 salt/grafana/panels/logstash_estimated_eps_out_graph.json.jinja delete mode 100644 salt/grafana/panels/logstash_estimated_eps_out_stat.json.jinja delete mode 100644 salt/grafana/panels/logstash_estimated_eps_out_total_graph.json.jinja delete mode 100644 salt/grafana/panels/logstash_indexing_eps_in_out_searchnode_graph.json.jinja delete mode 100644 salt/grafana/panels/logstash_indexing_eps_in_searchnode_total_graph.json.jinja delete mode 100644 salt/grafana/panels/management_interface_drops_graph.json.jinja delete mode 100644 salt/grafana/panels/management_interface_drops_inbound_graph.json.jinja delete mode 100644 salt/grafana/panels/management_interface_drops_outbound_graph.json.jinja delete mode 100644 salt/grafana/panels/management_interface_packets_graph.json.jinja delete mode 100644 salt/grafana/panels/management_interface_traffic_both_graph.json.jinja delete mode 100644 salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja delete mode 100644 salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja delete mode 100644 salt/grafana/panels/memory_usage_graph.json.jinja delete mode 100644 salt/grafana/panels/memory_usage_percent_graph.json.jinja delete mode 100644 salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja delete mode 100644 salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja delete mode 100644 salt/grafana/panels/monitor_interface_drops_graph.json.jinja delete mode 100644 salt/grafana/panels/monitor_interface_drops_inbound_graph.json.jinja delete mode 100644 salt/grafana/panels/monitor_interface_packets_graph.json.jinja delete mode 100644 salt/grafana/panels/monitor_interface_traffic_both_graph.json.jinja delete mode 100644 salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja delete mode 100644 salt/grafana/panels/monitor_interface_traffic_inbound_total_graph.json.jinja delete mode 100644 salt/grafana/panels/monitor_interface_traffic_stat.json.jinja delete mode 100644 salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja delete mode 100644 salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja delete mode 100644 salt/grafana/panels/nsm_used_guage.json.jinja delete mode 100644 salt/grafana/panels/pcap_retention_stat.json.jinja delete mode 100644 salt/grafana/panels/process_status_graph.json.jinja delete mode 100644 salt/grafana/panels/ram_usage_guage.json.jinja delete mode 100644 salt/grafana/panels/redis_queue_graph.json.jinja delete mode 100644 salt/grafana/panels/redis_queue_stat.json.jinja delete mode 100644 salt/grafana/panels/rootfs_used_guage.json.jinja delete mode 100644 salt/grafana/panels/row_cpu.json.jinja delete mode 100644 salt/grafana/panels/row_disk_iops.json.jinja delete mode 100644 salt/grafana/panels/row_disk_usage.json.jinja delete mode 100644 salt/grafana/panels/row_docker_details.json.jinja delete mode 100644 salt/grafana/panels/row_elasticsearch.json.jinja delete mode 100644 salt/grafana/panels/row_influxdb.json.jinja delete mode 100644 salt/grafana/panels/row_logstash.json.jinja delete mode 100644 salt/grafana/panels/row_memory.json.jinja delete mode 100644 salt/grafana/panels/row_network.json.jinja delete mode 100644 salt/grafana/panels/row_overview.json.jinja delete mode 100644 salt/grafana/panels/row_packet_loss.json.jinja delete mode 100644 salt/grafana/panels/row_redis.json.jinja delete mode 100644 salt/grafana/panels/row_stenographer.json.jinja delete mode 100644 salt/grafana/panels/row_suricata.json.jinja delete mode 100644 salt/grafana/panels/row_swap.json.jinja delete mode 100644 salt/grafana/panels/row_zeek.json.jinja delete mode 100644 salt/grafana/panels/stenographer_packet_loss_graph.json.jinja delete mode 100644 salt/grafana/panels/stenographer_packet_loss_stat.json.jinja delete mode 100644 salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja delete mode 100644 salt/grafana/panels/suricata_packet_loss_graph.json.jinja delete mode 100644 salt/grafana/panels/suricata_packet_loss_stat.json.jinja delete mode 100644 salt/grafana/panels/swap_io_bytes_graph.json.jinja delete mode 100644 salt/grafana/panels/swap_usage_bytes_graph.json.jinja delete mode 100644 salt/grafana/panels/swap_usage_guage.json.jinja delete mode 100644 salt/grafana/panels/swap_usage_percent_graph.json.jinja delete mode 100644 salt/grafana/panels/system_uptime.json.jinja delete mode 100644 salt/grafana/panels/system_uptime_graph.json.jinja delete mode 100644 salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja delete mode 100644 salt/grafana/panels/uptime_docker_combined_trend_graph.json.jinja delete mode 100644 salt/grafana/panels/zeek_capture_loss_graph.json.jinja delete mode 100644 salt/grafana/panels/zeek_packet_loss_graph.json.jinja delete mode 100644 salt/grafana/panels/zeek_packet_loss_stat.json.jinja delete mode 100644 salt/grafana/panels/zeek_restarts_healthcheck_stat.json.jinja delete mode 100644 salt/grafana/soc_grafana.yaml delete mode 100644 salt/grafana/templates/cluster_name.json delete mode 100644 salt/grafana/templates/containers.json delete mode 100644 salt/grafana/templates/cpucount.json delete mode 100644 salt/grafana/templates/disk.json delete mode 100644 salt/grafana/templates/manint.json delete mode 100644 salt/grafana/templates/monint.json delete mode 100644 salt/grafana/templates/role.json delete mode 100644 salt/grafana/templates/searchnode.json delete mode 100644 salt/grafana/templates/servername.json create mode 100644 salt/influxdb/config.yaml.jinja delete mode 100644 salt/influxdb/etc/influxdb.conf.jinja delete mode 100644 salt/influxdb/map.jinja diff --git a/pillar/data/addtotab.sh b/pillar/data/addtotab.sh index 271558295..65f9446dd 100644 --- a/pillar/data/addtotab.sh +++ b/pillar/data/addtotab.sh @@ -45,12 +45,10 @@ echo " rootfs: $ROOTFS" >> $local_salt_dir/pillar/data/$TYPE.sls echo " nsmfs: $NSM" >> $local_salt_dir/pillar/data/$TYPE.sls if [ $TYPE == 'sensorstab' ]; then echo " monint: bond0" >> $local_salt_dir/pillar/data/$TYPE.sls - salt-call state.apply grafana queue=True fi if [ $TYPE == 'evaltab' ] || [ $TYPE == 'standalonetab' ]; then echo " monint: bond0" >> $local_salt_dir/pillar/data/$TYPE.sls if [ ! $10 ]; then - salt-call state.apply grafana queue=True salt-call state.apply utility queue=True fi fi diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja index 823b7b647..42ec3604a 100644 --- a/salt/allowed_states.map.jinja +++ b/salt/allowed_states.map.jinja @@ -33,7 +33,6 @@ 'nginx', 'telegraf', 'influxdb', - 'grafana', 'soc', 'kratos', 'elastic-fleet', @@ -119,7 +118,6 @@ 'nginx', 'telegraf', 'influxdb', - 'grafana', 'soc', 'kratos', 'elastic-fleet', @@ -139,7 +137,6 @@ 'nginx', 'telegraf', 'influxdb', - 'grafana', 'soc', 'kratos', 'elastic-fleet', @@ -169,7 +166,6 @@ 'nginx', 'telegraf', 'influxdb', - 'grafana', 'soc', 'kratos', 'elastic-fleet', diff --git a/salt/common/tools/sbin/so-grafana-dashboard-folder-delete b/salt/common/tools/sbin/so-grafana-dashboard-folder-delete deleted file mode 100755 index 0783fccea..000000000 --- a/salt/common/tools/sbin/so-grafana-dashboard-folder-delete +++ /dev/null @@ -1,20 +0,0 @@ -# this script is used to delete the default Grafana dashboard folders that existed prior to Grafana dashboard and Salt management changes in 2.3.70 - -# Exit if an error occurs. The next highstate will retry. -set -e - -folders=$(curl -X GET http://admin:{{salt['pillar.get']('secrets:grafana_admin')}}@localhost:3000/api/folders | jq -r '.[] | @base64') -delfolder=("Manager" "Manager Search" "Sensor Nodes" "Search Nodes" "Standalone" "Eval Mode") - -for row in $folders; do - title=$(echo ${row} | base64 --decode | jq -r '.title') - uid=$(echo ${row} | base64 --decode | jq -r '.uid') - - if [[ " ${delfolder[@]} " =~ " ${title} " ]]; then - curl -X DELETE http://admin:{{salt['pillar.get']('secrets:grafana_admin')}}@localhost:3000/api/folders/$uid - fi -done - -echo "so-grafana-dashboard-folder-delete has been run to delete default Grafana dashboard folders that existed prior to 2.3.70" > /opt/so/state/so-grafana-dashboard-folder-delete-complete - -exit 0 diff --git a/salt/common/tools/sbin/so-grafana-restart b/salt/common/tools/sbin/so-grafana-restart deleted file mode 100755 index f8fbcb9c1..000000000 --- a/salt/common/tools/sbin/so-grafana-restart +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - - -. /usr/sbin/so-common - -/usr/sbin/so-restart grafana $1 diff --git a/salt/common/tools/sbin/so-grafana-start b/salt/common/tools/sbin/so-grafana-start deleted file mode 100755 index dfea3b8dc..000000000 --- a/salt/common/tools/sbin/so-grafana-start +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - - -. /usr/sbin/so-common - -/usr/sbin/so-start grafana $1 diff --git a/salt/common/tools/sbin/so-grafana-stop b/salt/common/tools/sbin/so-grafana-stop deleted file mode 100755 index 62552f17f..000000000 --- a/salt/common/tools/sbin/so-grafana-stop +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - - -. /usr/sbin/so-common - -/usr/sbin/so-stop grafana $1 diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 945d3f4ed..24772a479 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -48,7 +48,6 @@ container_list() { "so-elastic-agent-builder" "so-elasticsearch" "so-filebeat" - "so-grafana" "so-idh" "so-idstools" "so-influxdb" diff --git a/salt/docker/defaults.yaml b/salt/docker/defaults.yaml index 7f3d40573..6886703db 100644 --- a/salt/docker/defaults.yaml +++ b/salt/docker/defaults.yaml @@ -23,10 +23,6 @@ docker: - 0.0.0.0:514:514/udp - 0.0.0.0:514:514/tcp - 0.0.0.0:5066:5066/tcp - 'so-grafana': - final_octet: 24 - port_bindings: - - 0.0.0.0:3000:3000 'so-idstools': final_octet: 25 'so-influxdb': diff --git a/salt/firewall/containers.map.jinja b/salt/firewall/containers.map.jinja index 2ca294abc..702f2ff63 100644 --- a/salt/firewall/containers.map.jinja +++ b/salt/firewall/containers.map.jinja @@ -5,7 +5,6 @@ 'so-elastic-fleet', 'so-elastic-fleet-package-registry', 'so-filebeat', - 'so-grafana', 'so-influxdb', 'so-kibana', 'so-kratos', diff --git a/salt/grafana/dashboards/common_template.json.jinja b/salt/grafana/dashboards/common_template.json.jinja deleted file mode 100644 index 4c6745c3c..000000000 --- a/salt/grafana/dashboards/common_template.json.jinja +++ /dev/null @@ -1,64 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": "-- Grafana --", - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "description": "{{TITLE}}", - "editable": true, - "gnetId": null, - "graphTooltip": 0, - "id": {{ ID }}, - "iteration": 1625757047565, - "links": [], - "panels": [ -{% for panel in PANELS -%} -{%- import_json "grafana/panels/" ~ panel ~ ".json.jinja" as panel %} -{{ panel | json }} {% if not loop.last %},{% endif %} -{% endfor -%} - ], - "refresh": "5m", - "schemaVersion": 27, - "style": "dark", - "tags": [], - "templating": { - "list": [ -{% for template in TEMPLATES.keys() -%} -{%- import_json "grafana/templates/" ~ template ~ ".json" as template %} -{{ template | json }} {% if not loop.last %},{% endif %} -{% endfor -%} - ] - }, - "time": { - "from": "now-3h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ] - }, - "timezone": "browser", - "title": "{{ TITLE }}", - {% if TITLE | lower == 'security onion grid overview' %} - "uid": "so_overview", - {% else %} - "uid": "{{ UID }}", - {% endif %} - "version": 1 -} diff --git a/salt/grafana/etc/dashboards/dashboard.yml b/salt/grafana/etc/dashboards/dashboard.yml deleted file mode 100644 index 2c422069c..000000000 --- a/salt/grafana/etc/dashboards/dashboard.yml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: 1 - -providers: -- name: 'Dashboards' - folder: 'Dashboards' - type: file - disableDeletion: false - editable: true - allowUiUpdates: true - options: - path: /etc/grafana/grafana_dashboards/ - diff --git a/salt/grafana/etc/datasources/influxdb.yaml b/salt/grafana/etc/datasources/influxdb.yaml deleted file mode 100644 index 1c4fd8135..000000000 --- a/salt/grafana/etc/datasources/influxdb.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: 1 - -deleteDatasources: - - name: Graphite - orgId: 1 - -datasources: - - name: InfluxDB - type: influxdb - access: proxy - database: telegraf - url: https://{{ GLOBALS.influxdb_host }}:8086 - jsonData: - tlsAuth: false - tlsAuthWithCACert: false - tlsSkipVerify: true - version: 1 diff --git a/salt/grafana/etc/files/readme.txt b/salt/grafana/etc/files/readme.txt deleted file mode 100644 index c78e8687c..000000000 --- a/salt/grafana/etc/files/readme.txt +++ /dev/null @@ -1 +0,0 @@ -For files that are referenced inside the Grafana config, place them in /opt/so/saltstack/local/salt/grafana/etc/files/. This would include keys used for smtp or a Grafana enterprise license file. \ No newline at end of file diff --git a/salt/grafana/etc/grafana.ini.jinja b/salt/grafana/etc/grafana.ini.jinja deleted file mode 100644 index f2309056d..000000000 --- a/salt/grafana/etc/grafana.ini.jinja +++ /dev/null @@ -1,12 +0,0 @@ -{%- macro write_config_line(cfg) %} -{%- for k,v in cfg.items() -%} -{{ k }} = {{ v }} -{% endfor %} -{%- endmacro %} - -{{ write_config_line(config.get("default", {})) }} -{% for header, cfg in config.items() %} -{%- if header == "default" %}{% continue %}{% endif %} -[{{ header }}] -{{ write_config_line(cfg) }} -{% endfor %} \ No newline at end of file diff --git a/salt/grafana/grafana_defaults.yaml b/salt/grafana/grafana_defaults.yaml deleted file mode 100644 index b05775886..000000000 --- a/salt/grafana/grafana_defaults.yaml +++ /dev/null @@ -1,3147 +0,0 @@ -grafana: - config: - server: - root_url: "%(protocol)s://%(domain)s/grafana/" - auth.anonymous: - enabled: true - org_name: Main Org. - org_role: Viewer - smtp: - enabled: false - host: localhost:25 - user: myuser - password: mypassword - cert_file: /etc/grafana/config/files/smtp_cert_file.crt - key_file: /etc/grafana/config/files/smtp_key_file.key - skip_verify: false - from_address: admin@grafana.localhost - from_name: Grafana - ehlo_identity: dashboard.example.com - auth.ldap: - enabled: false - config_file: /etc/grafana/config/files/ldap.toml - allow_sign_up: true - enterprise: - license_path: /opt/so/conf/grafana/etc/files/license.jwt - dashboards: - overview: - title: 'Security Onion Grid Overview' - templating: - list: - servername: - text: All - value: "$__all" - role: - allValue: true - multi: true - hide: 0 - text: All - value: "$__all" - containers: {} - manint: {} - monint: {} - cpucount: {} - disk: {} - panels: - row_overview: - gridPos: - x: 0 - y: 0 - h: 1 - w: 24 - system_uptime_graph: - gridPos: - x: 0 - y: 1 - h: 8 - w: 12 - uptime_docker_combined_current_graph: - gridPos: - x: 12 - y: 1 - h: 8 - w: 12 - cpu_usage_current_graph: - gridPos: - x: 0 - y: 9 - h: 8 - w: 24 - memory_usage_percent_graph: - gridPos: - x: 0 - y: 17 - h: 8 - w: 24 - disk_usage_root_percent_graph: - gridPos: - x: 0 - y: 25 - h: 8 - w: 24 - disk_usage_nsm_percent_graph: - gridPos: - x: 0 - y: 33 - h: 8 - w: 24 - swap_usage_percent_graph: - gridPos: - x: 0 - y: 41 - h: 8 - w: 24 - io_wait_graph: - gridPos: - x: 0 - y: 49 - h: 8 - w: 24 - - row_network: - gridPos: - x: 0 - y: 57 - h: 1 - w: 24 - management_interface_traffic_inbound_graph: - gridPos: - x: 0 - y: 58 - h: 8 - w: 24 - management_interface_traffic_outbound_graph: - gridPos: - x: 0 - y: 64 - h: 8 - w: 24 - management_interface_drops_inbound_graph: - gridPos: - x: 0 - y: 72 - h: 8 - w: 24 - management_interface_drops_outbound_graph: - gridPos: - x: 0 - y: 80 - h: 8 - w: 24 - monitor_interface_traffic_inbound_graph: - gridPos: - x: 0 - y: 88 - h: 8 - w: 24 - monitor_interface_drops_inbound_graph: - gridPos: - x: 0 - y: 96 - h: 8 - w: 24 - - row_packet_loss: - gridPos: - x: 0 - y: 104 - h: 1 - w: 24 - zeek_packet_loss_graph: - gridPos: - x: 0 - y: 105 - h: 8 - w: 24 - hideTrend: true - suricata_packet_loss_graph: - gridPos: - x: 0 - y: 113 - h: 8 - w: 24 - hideTrend: true - stenographer_packet_loss_graph: - gridPos: - x: 0 - y: 121 - h: 8 - w: 24 - hideTrend: true - - row_cpu: - gridPos: - x: 0 - y: 999 - h: 1 - w: 24 - cpu_usage_tasks_running_graph: - gridPos: - x: 0 - y: 1000 - h: 8 - w: 24 - cpu_usage_tasks_zombies_graph: - gridPos: - x: 0 - y: 1008 - h: 8 - w: 12 - cpu_usage_tasks_stopped_graph: - gridPos: - x: 12 - y: 1008 - h: 8 - w: 12 - cpu_usage_tasks_sleeping_graph: - gridPos: - x: 0 - y: 1016 - h: 8 - w: 12 - cpu_usage_tasks_blocked_graph: - gridPos: - x: 12 - y: 1016 - h: 8 - w: 12 - cpu_usage_tasks_paging_graph: - gridPos: - x: 0 - y: 1024 - h: 8 - w: 12 - cpu_usage_tasks_unknown_graph: - gridPos: - x: 12 - y: 1024 - h: 8 - w: 12 - - - standalone: - templating: - list: - servername: {} - role: - allValue: false - multi: false - hide: 2 - containers: {} - manint: {} - monint: {} - cpucount: {} - disk: {} - panels: - row_overview: - gridPos: - x: 0 - y: 0 - h: 1 - w: 24 - system_uptime: - gridPos: - x: 0 - y: 1 - h: 4 - w: 4 - load_average_5_minute_stat: - gridPos: - x: 4 - y: 1 - h: 4 - w: 4 - cpu_usage_guage: - gridPos: - x: 8 - y: 1 - h: 4 - w: 2 - ram_usage_guage: - gridPos: - x: 10 - y: 1 - h: 4 - w: 2 - swap_usage_guage: - gridPos: - x: 12 - y: 1 - h: 4 - w: 2 - rootfs_used_guage: - gridPos: - x: 14 - y: 1 - h: 4 - w: 2 - nsm_used_guage: - gridPos: - x: 16 - y: 1 - h: 4 - w: 2 - pcap_retention_stat: - gridPos: - x: 18 - y: 1 - h: 4 - w: 2 - io_wait_stat: - gridPos: - x: 20 - y: 1 - h: 4 - w: 4 - logstash_estimated_eps_in_stat: - gridPos: - x: 0 - y: 5 - h: 4 - w: 4 - redis_queue_stat: - gridPos: - x: 4 - y: 5 - h: 4 - w: 4 - monitor_interface_traffic_stat: - gridPos: - x: 8 - y: 5 - h: 4 - w: 4 - zeek_packet_loss_stat: - gridPos: - x: 12 - y: 5 - h: 4 - w: 4 - suricata_packet_loss_stat: - gridPos: - x: 16 - y: 5 - h: 4 - w: 4 - stenographer_packet_loss_stat: - gridPos: - x: 20 - y: 5 - h: 4 - w: 4 - - row_cpu: - gridPos: - x: 0 - y: 9 - h: 1 - w: 24 - cpu_usage_tasks_all_graph: - gridPos: - x: 0 - y: 10 - h: 8 - w: 24 - load_averages_graph: - gridPos: - x: 0 - y: 18 - h: 8 - w: 12 - process_status_graph: - gridPos: - x: 12 - y: 18 - h: 8 - w: 12 - - row_memory: - gridPos: - x: 0 - y: 26 - h: 1 - w: 24 - memory_usage_graph: - gridPos: - x: 0 - y: 27 - h: 8 - w: 24 - - row_swap: - gridPos: - x: 0 - y: 35 - h: 1 - w: 24 - swap_io_bytes_graph: - gridPos: - x: 0 - y: 36 - h: 8 - w: 12 - swap_usage_bytes_graph: - gridPos: - x: 12 - y: 36 - h: 8 - w: 12 - - row_network: - gridPos: - x: 0 - y: 44 - h: 1 - w: 24 - management_interface_traffic_both_graph: - gridPos: - x: 0 - y: 45 - h: 8 - w: 24 - management_interface_packets_graph: - gridPos: - x: 0 - y: 53 - h: 8 - w: 12 - management_interface_drops_graph: - gridPos: - x: 12 - y: 53 - h: 8 - w: 12 - monitor_interface_traffic_both_graph: - gridPos: - x: 0 - y: 61 - h: 8 - w: 24 - monitor_interface_packets_graph: - gridPos: - x: 0 - y: 69 - h: 8 - w: 12 - monitor_interface_drops_graph: - gridPos: - x: 12 - y: 69 - h: 8 - w: 12 - - row_disk_usage: - gridPos: - x: 0 - y: 77 - h: 1 - w: 24 - disk_usage_root_graph: - gridPos: - x: 0 - y: 78 - h: 8 - w: 12 - disk_usage_nsm_graph: - gridPos: - x: 12 - y: 78 - h: 8 - w: 12 - - row_disk_iops: - gridPos: - x: 0 - y: 86 - h: 1 - w: 24 - disk_io_requests_graph: - gridPos: - x: 0 - y: 87 - h: 8 - w: 8 - disk_io_bytes_graph: - gridPos: - x: 8 - y: 87 - h: 8 - w: 8 - disk_io_time_graph: - gridPos: - x: 16 - y: 87 - h: 8 - w: 8 - - row_docker_details: - gridPos: - x: 0 - y: 95 - h: 1 - w: 24 - cpu_docker_combined_current_graph: - gridPos: - x: 0 - y: 96 - h: 8 - w: 24 - cpu_docker_combined_trend_graph: - gridPos: - x: 0 - y: 104 - h: 8 - w: 24 - memory_used_docker_combined_current_graph: - gridPos: - x: 0 - y: 112 - h: 8 - w: 24 - memory_used_docker_combined_trend_graph: - gridPos: - x: 0 - y: 120 - h: 8 - w: 24 - network_usage_docker_combined_current_graph: - gridPos: - x: 0 - y: 128 - h: 8 - w: 24 - network_usage_docker_combined_trend_graph: - gridPos: - x: 0 - y: 136 - h: 8 - w: 24 - uptime_docker_combined_current_graph: - gridPos: - x: 0 - y: 144 - h: 8 - w: 12 - uptime_docker_combined_trend_graph: - gridPos: - x: 12 - y: 144 - h: 8 - w: 12 - - row_logstash: - gridPos: - x: 0 - y: 152 - h: 1 - w: 24 - logstash_estimated_eps_in_graph: - gridPos: - x: 0 - y: 153 - h: 8 - w: 24 - - row_elasticsearch: - gridPos: - x: 0 - y: 161 - h: 1 - w: 24 - elasticsearch_document_count_graph: - gridPos: - x: 0 - y: 162 - h: 8 - w: 12 - elasticsearch_thread_count_graph: - gridPos: - x: 12 - y: 162 - h: 8 - w: 12 - elasticsearch_store_size_graph: - gridPos: - x: 0 - y: 170 - h: 8 - w: 12 - elasticsearch_field_data_cache_size_graph: - gridPos: - x: 12 - y: 170 - h: 8 - w: 12 - - row_redis: - gridPos: - x: 0 - y: 178 - h: 1 - w: 24 - redis_queue_graph: - gridPos: - x: 0 - y: 179 - h: 8 - w: 24 - - row_zeek: - gridPos: - x: 0 - y: 187 - h: 1 - w: 24 - zeek_packet_loss_graph: - gridPos: - x: 0 - y: 188 - h: 8 - w: 12 - zeek_capture_loss_graph: - gridPos: - x: 12 - y: 188 - h: 8 - w: 12 - - row_suricata: - gridPos: - x: 0 - y: 196 - h: 1 - w: 24 - suricata_packet_loss_graph: - gridPos: - x: 0 - y: 197 - h: 8 - w: 24 - - row_stenographer: - gridPos: - x: 0 - y: 205 - h: 1 - w: 24 - stenographer_packet_loss_graph: - gridPos: - x: 0 - y: 206 - h: 8 - w: 16 - stenographer_pcap_retention_graph: - gridPos: - x: 16 - y: 206 - h: 8 - w: 8 - - row_influxdb: - gridPos: - x: 0 - y: 214 - h: 1 - w: 24 - influxdb_db_size_graph: - gridPos: - x: 0 - y: 214 - h: 8 - w: 24 - - - manager: - templating: - list: - servername: {} - role: - allValue: false - multi: false - hide: 2 - containers: {} - manint: {} - monint: {} - cpucount: {} - disk: {} - panels: - row_overview: - gridPos: - x: 0 - y: 0 - h: 1 - w: 24 - system_uptime: - gridPos: - x: 0 - y: 1 - h: 4 - w: 4 - load_average_5_minute_stat: - gridPos: - x: 4 - y: 1 - h: 4 - w: 4 - cpu_usage_guage: - gridPos: - x: 8 - y: 1 - h: 4 - w: 2 - ram_usage_guage: - gridPos: - x: 10 - y: 1 - h: 4 - w: 2 - swap_usage_guage: - gridPos: - x: 12 - y: 1 - h: 4 - w: 2 - rootfs_used_guage: - gridPos: - x: 14 - y: 1 - h: 4 - w: 2 - nsm_used_guage: - gridPos: - x: 16 - y: 1 - h: 4 - w: 2 - io_wait_stat: - gridPos: - x: 20 - y: 1 - h: 4 - w: 4 - redis_queue_stat: - gridPos: - x: 0 - y: 5 - h: 4 - w: 4 - - row_cpu: - gridPos: - x: 0 - y: 9 - h: 1 - w: 24 - cpu_usage_tasks_all_graph: - gridPos: - x: 0 - y: 10 - h: 8 - w: 24 - load_averages_graph: - gridPos: - x: 0 - y: 18 - h: 8 - w: 12 - process_status_graph: - gridPos: - x: 12 - y: 18 - h: 8 - w: 12 - - row_memory: - gridPos: - x: 0 - y: 26 - h: 1 - w: 24 - memory_usage_graph: - gridPos: - x: 0 - y: 27 - h: 8 - w: 24 - - row_swap: - gridPos: - x: 0 - y: 35 - h: 1 - w: 24 - swap_io_bytes_graph: - gridPos: - x: 0 - y: 36 - h: 8 - w: 12 - swap_usage_bytes_graph: - gridPos: - x: 12 - y: 36 - h: 8 - w: 12 - - row_network: - gridPos: - x: 0 - y: 44 - h: 1 - w: 24 - management_interface_traffic_both_graph: - gridPos: - x: 0 - y: 45 - h: 8 - w: 24 - management_interface_packets_graph: - gridPos: - x: 0 - y: 53 - h: 8 - w: 12 - management_interface_drops_graph: - gridPos: - x: 12 - y: 53 - h: 8 - w: 12 - - row_disk_usage: - gridPos: - x: 0 - y: 77 - h: 1 - w: 24 - disk_usage_root_graph: - gridPos: - x: 0 - y: 78 - h: 8 - w: 12 - disk_usage_nsm_graph: - gridPos: - x: 12 - y: 78 - h: 8 - w: 12 - - row_disk_iops: - gridPos: - x: 0 - y: 86 - h: 1 - w: 24 - disk_io_requests_graph: - gridPos: - x: 0 - y: 87 - h: 8 - w: 8 - disk_io_bytes_graph: - gridPos: - x: 8 - y: 87 - h: 8 - w: 8 - disk_io_time_graph: - gridPos: - x: 16 - y: 87 - h: 8 - w: 8 - - row_docker_details: - gridPos: - x: 0 - y: 95 - h: 1 - w: 24 - cpu_docker_combined_current_graph: - gridPos: - x: 0 - y: 96 - h: 8 - w: 24 - cpu_docker_combined_trend_graph: - gridPos: - x: 0 - y: 104 - h: 8 - w: 24 - memory_used_docker_combined_current_graph: - gridPos: - x: 0 - y: 112 - h: 8 - w: 24 - memory_used_docker_combined_trend_graph: - gridPos: - x: 0 - y: 120 - h: 8 - w: 24 - network_usage_docker_combined_current_graph: - gridPos: - x: 0 - y: 128 - h: 8 - w: 24 - network_usage_docker_combined_trend_graph: - gridPos: - x: 0 - y: 136 - h: 8 - w: 24 - uptime_docker_combined_current_graph: - gridPos: - x: 0 - y: 144 - h: 8 - w: 12 - uptime_docker_combined_trend_graph: - gridPos: - x: 12 - y: 144 - h: 8 - w: 12 - - row_elasticsearch: - gridPos: - x: 0 - y: 152 - h: 1 - w: 24 - elasticsearch_document_count_graph: - gridPos: - x: 0 - y: 153 - h: 8 - w: 12 - elasticsearch_thread_count_graph: - gridPos: - x: 12 - y: 153 - h: 8 - w: 12 - elasticsearch_store_size_graph: - gridPos: - x: 0 - y: 161 - h: 8 - w: 12 - elasticsearch_field_data_cache_size_graph: - gridPos: - x: 12 - y: 161 - h: 8 - w: 12 - - row_redis: - gridPos: - x: 0 - y: 169 - h: 1 - w: 24 - redis_queue_graph: - gridPos: - x: 0 - y: 170 - h: 8 - w: 24 - - row_influxdb: - gridPos: - x: 0 - y: 178 - h: 1 - w: 24 - influxdb_db_size_graph: - gridPos: - x: 0 - y: 179 - h: 8 - w: 24 - - - managersearch: - templating: - list: - servername: {} - role: - allValue: false - multi: false - hide: 2 - containers: {} - manint: {} - monint: {} - cpucount: {} - disk: {} - panels: - row_overview: - gridPos: - x: 0 - y: 0 - h: 1 - w: 24 - system_uptime: - gridPos: - x: 0 - y: 1 - h: 4 - w: 4 - load_average_5_minute_stat: - gridPos: - x: 4 - y: 1 - h: 4 - w: 4 - cpu_usage_guage: - gridPos: - x: 8 - y: 1 - h: 4 - w: 2 - ram_usage_guage: - gridPos: - x: 10 - y: 1 - h: 4 - w: 2 - swap_usage_guage: - gridPos: - x: 12 - y: 1 - h: 4 - w: 2 - rootfs_used_guage: - gridPos: - x: 14 - y: 1 - h: 4 - w: 2 - nsm_used_guage: - gridPos: - x: 16 - y: 1 - h: 4 - w: 2 - io_wait_stat: - gridPos: - x: 20 - y: 1 - h: 4 - w: 4 - logstash_estimated_eps_in_stat: - gridPos: - x: 0 - y: 5 - h: 4 - w: 4 - redis_queue_stat: - gridPos: - x: 4 - y: 5 - h: 4 - w: 4 - - row_cpu: - gridPos: - x: 0 - y: 9 - h: 1 - w: 24 - cpu_usage_tasks_all_graph: - gridPos: - x: 0 - y: 10 - h: 8 - w: 24 - load_averages_graph: - gridPos: - x: 0 - y: 18 - h: 8 - w: 12 - process_status_graph: - gridPos: - x: 12 - y: 18 - h: 8 - w: 12 - - row_memory: - gridPos: - x: 0 - y: 26 - h: 1 - w: 24 - memory_usage_graph: - gridPos: - x: 0 - y: 27 - h: 8 - w: 24 - - row_swap: - gridPos: - x: 0 - y: 35 - h: 1 - w: 24 - swap_io_bytes_graph: - gridPos: - x: 0 - y: 36 - h: 8 - w: 12 - swap_usage_bytes_graph: - gridPos: - x: 12 - y: 36 - h: 8 - w: 12 - - row_network: - gridPos: - x: 0 - y: 44 - h: 1 - w: 24 - management_interface_traffic_both_graph: - gridPos: - x: 0 - y: 45 - h: 8 - w: 24 - management_interface_packets_graph: - gridPos: - x: 0 - y: 53 - h: 8 - w: 12 - management_interface_drops_graph: - gridPos: - x: 12 - y: 53 - h: 8 - w: 12 - - row_disk_usage: - gridPos: - x: 0 - y: 77 - h: 1 - w: 24 - disk_usage_root_graph: - gridPos: - x: 0 - y: 78 - h: 8 - w: 12 - disk_usage_nsm_graph: - gridPos: - x: 12 - y: 78 - h: 8 - w: 12 - - row_disk_iops: - gridPos: - x: 0 - y: 86 - h: 1 - w: 24 - disk_io_requests_graph: - gridPos: - x: 0 - y: 87 - h: 8 - w: 8 - disk_io_bytes_graph: - gridPos: - x: 8 - y: 87 - h: 8 - w: 8 - disk_io_time_graph: - gridPos: - x: 16 - y: 87 - h: 8 - w: 8 - - row_docker_details: - gridPos: - x: 0 - y: 95 - h: 1 - w: 24 - cpu_docker_combined_current_graph: - gridPos: - x: 0 - y: 96 - h: 8 - w: 24 - cpu_docker_combined_trend_graph: - gridPos: - x: 0 - y: 104 - h: 8 - w: 24 - memory_used_docker_combined_current_graph: - gridPos: - x: 0 - y: 112 - h: 8 - w: 24 - memory_used_docker_combined_trend_graph: - gridPos: - x: 0 - y: 120 - h: 8 - w: 24 - network_usage_docker_combined_current_graph: - gridPos: - x: 0 - y: 128 - h: 8 - w: 24 - network_usage_docker_combined_trend_graph: - gridPos: - x: 0 - y: 136 - h: 8 - w: 24 - uptime_docker_combined_current_graph: - gridPos: - x: 0 - y: 144 - h: 8 - w: 12 - uptime_docker_combined_trend_graph: - gridPos: - x: 12 - y: 144 - h: 8 - w: 12 - - row_logstash: - gridPos: - x: 0 - y: 152 - h: 1 - w: 24 - logstash_estimated_eps_in_graph: - gridPos: - x: 0 - y: 153 - h: 8 - w: 24 - - row_elasticsearch: - gridPos: - x: 0 - y: 161 - h: 1 - w: 24 - elasticsearch_document_count_graph: - gridPos: - x: 0 - y: 162 - h: 8 - w: 12 - elasticsearch_thread_count_graph: - gridPos: - x: 12 - y: 162 - h: 8 - w: 12 - elasticsearch_store_size_graph: - gridPos: - x: 0 - y: 170 - h: 8 - w: 12 - elasticsearch_field_data_cache_size_graph: - gridPos: - x: 12 - y: 170 - h: 8 - w: 12 - - row_redis: - gridPos: - x: 0 - y: 178 - h: 1 - w: 24 - redis_queue_graph: - gridPos: - x: 0 - y: 179 - h: 8 - w: 24 - - row_influxdb: - gridPos: - x: 0 - y: 214 - h: 1 - w: 24 - influxdb_db_size_graph: - gridPos: - x: 0 - y: 214 - h: 8 - w: 24 - - - sensor: - templating: - list: - servername: {} - role: - allValue: false - multi: false - hide: 2 - containers: {} - manint: {} - monint: {} - cpucount: {} - disk: {} - panels: - row_overview: - gridPos: - x: 0 - y: 0 - h: 1 - w: 24 - system_uptime: - gridPos: - x: 0 - y: 1 - h: 4 - w: 4 - load_average_5_minute_stat: - gridPos: - x: 4 - y: 1 - h: 4 - w: 4 - cpu_usage_guage: - gridPos: - x: 8 - y: 1 - h: 4 - w: 2 - ram_usage_guage: - gridPos: - x: 10 - y: 1 - h: 4 - w: 2 - swap_usage_guage: - gridPos: - x: 12 - y: 1 - h: 4 - w: 2 - rootfs_used_guage: - gridPos: - x: 14 - y: 1 - h: 4 - w: 2 - nsm_used_guage: - gridPos: - x: 16 - y: 1 - h: 4 - w: 2 - pcap_retention_stat: - gridPos: - x: 18 - y: 1 - h: 4 - w: 2 - io_wait_stat: - gridPos: - x: 20 - y: 1 - h: 4 - w: 4 - monitor_interface_traffic_stat: - gridPos: - x: 8 - y: 5 - h: 4 - w: 4 - zeek_packet_loss_stat: - gridPos: - x: 12 - y: 5 - h: 4 - w: 4 - suricata_packet_loss_stat: - gridPos: - x: 16 - y: 5 - h: 4 - w: 4 - stenographer_packet_loss_stat: - gridPos: - x: 20 - y: 5 - h: 4 - w: 4 - - row_cpu: - gridPos: - x: 0 - y: 9 - h: 1 - w: 24 - cpu_usage_tasks_all_graph: - gridPos: - x: 0 - y: 10 - h: 8 - w: 24 - load_averages_graph: - gridPos: - x: 0 - y: 18 - h: 8 - w: 12 - process_status_graph: - gridPos: - x: 12 - y: 18 - h: 8 - w: 12 - - row_memory: - gridPos: - x: 0 - y: 26 - h: 1 - w: 24 - memory_usage_graph: - gridPos: - x: 0 - y: 27 - h: 8 - w: 24 - - row_swap: - gridPos: - x: 0 - y: 35 - h: 1 - w: 24 - swap_io_bytes_graph: - gridPos: - x: 0 - y: 36 - h: 8 - w: 12 - swap_usage_bytes_graph: - gridPos: - x: 12 - y: 36 - h: 8 - w: 12 - - row_network: - gridPos: - x: 0 - y: 44 - h: 1 - w: 24 - management_interface_traffic_both_graph: - gridPos: - x: 0 - y: 45 - h: 8 - w: 24 - management_interface_packets_graph: - gridPos: - x: 0 - y: 53 - h: 8 - w: 12 - management_interface_drops_graph: - gridPos: - x: 12 - y: 53 - h: 8 - w: 12 - monitor_interface_traffic_both_graph: - gridPos: - x: 0 - y: 61 - h: 8 - w: 24 - monitor_interface_traffic_inbound_total_graph: - gridPos: - x: 0 - y: 69 - h: 8 - w: 24 - monitor_interface_packets_graph: - gridPos: - x: 0 - y: 77 - h: 8 - w: 12 - monitor_interface_drops_graph: - gridPos: - x: 12 - y: 77 - h: 8 - w: 12 - - row_disk_usage: - gridPos: - x: 0 - y: 85 - h: 1 - w: 24 - disk_usage_root_graph: - gridPos: - x: 0 - y: 86 - h: 8 - w: 12 - disk_usage_nsm_graph: - gridPos: - x: 12 - y: 86 - h: 8 - w: 12 - - row_disk_iops: - gridPos: - x: 0 - y: 94 - h: 1 - w: 24 - disk_io_requests_graph: - gridPos: - x: 0 - y: 95 - h: 8 - w: 8 - disk_io_bytes_graph: - gridPos: - x: 8 - y: 95 - h: 8 - w: 8 - disk_io_time_graph: - gridPos: - x: 16 - y: 95 - h: 8 - w: 8 - - row_docker_details: - gridPos: - x: 0 - y: 103 - h: 1 - w: 24 - cpu_docker_combined_current_graph: - gridPos: - x: 0 - y: 104 - h: 8 - w: 24 - cpu_docker_combined_trend_graph: - gridPos: - x: 0 - y: 112 - h: 8 - w: 24 - memory_used_docker_combined_current_graph: - gridPos: - x: 0 - y: 120 - h: 8 - w: 24 - memory_used_docker_combined_trend_graph: - gridPos: - x: 0 - y: 128 - h: 8 - w: 24 - network_usage_docker_combined_current_graph: - gridPos: - x: 0 - y: 136 - h: 8 - w: 24 - network_usage_docker_combined_trend_graph: - gridPos: - x: 0 - y: 144 - h: 8 - w: 24 - uptime_docker_combined_current_graph: - gridPos: - x: 0 - y: 152 - h: 8 - w: 12 - uptime_docker_combined_trend_graph: - gridPos: - x: 12 - y: 152 - h: 8 - w: 12 - - row_zeek: - gridPos: - x: 0 - y: 160 - h: 1 - w: 24 - zeek_packet_loss_graph: - gridPos: - x: 0 - y: 161 - h: 8 - w: 12 - zeek_capture_loss_graph: - gridPos: - x: 12 - y: 161 - h: 8 - w: 12 - - row_suricata: - gridPos: - x: 0 - y: 169 - h: 1 - w: 24 - suricata_packet_loss_graph: - gridPos: - x: 0 - y: 170 - h: 8 - w: 24 - - row_stenographer: - gridPos: - x: 0 - y: 178 - h: 1 - w: 24 - stenographer_packet_loss_graph: - gridPos: - x: 0 - y: 179 - h: 8 - w: 16 - stenographer_pcap_retention_graph: - gridPos: - x: 16 - y: 179 - h: 8 - w: 8 - - - searchnode: - templating: - list: - servername: {} - role: - allValue: false - multi: false - hide: 2 - containers: {} - manint: {} - monint: {} - cpucount: {} - disk: {} - panels: - row_overview: - gridPos: - x: 0 - y: 0 - h: 1 - w: 24 - system_uptime: - gridPos: - x: 0 - y: 1 - h: 4 - w: 4 - load_average_5_minute_stat: - gridPos: - x: 4 - y: 1 - h: 4 - w: 4 - cpu_usage_guage: - gridPos: - x: 8 - y: 1 - h: 4 - w: 2 - ram_usage_guage: - gridPos: - x: 10 - y: 1 - h: 4 - w: 2 - swap_usage_guage: - gridPos: - x: 12 - y: 1 - h: 4 - w: 2 - rootfs_used_guage: - gridPos: - x: 14 - y: 1 - h: 4 - w: 2 - nsm_used_guage: - gridPos: - x: 16 - y: 1 - h: 4 - w: 2 - io_wait_stat: - gridPos: - x: 20 - y: 1 - h: 4 - w: 4 - logstash_estimated_eps_in_stat: - gridPos: - x: 0 - y: 5 - h: 4 - w: 4 - logstash_estimated_eps_out_stat: - gridPos: - x: 4 - y: 5 - h: 4 - w: 4 - - row_cpu: - gridPos: - x: 0 - y: 9 - h: 1 - w: 24 - cpu_usage_tasks_all_graph: - gridPos: - x: 0 - y: 10 - h: 8 - w: 24 - load_averages_graph: - gridPos: - x: 0 - y: 18 - h: 8 - w: 12 - process_status_graph: - gridPos: - x: 12 - y: 18 - h: 8 - w: 12 - - row_memory: - gridPos: - x: 0 - y: 26 - h: 1 - w: 24 - memory_usage_graph: - gridPos: - x: 0 - y: 27 - h: 8 - w: 24 - - row_swap: - gridPos: - x: 0 - y: 35 - h: 1 - w: 24 - swap_io_bytes_graph: - gridPos: - x: 0 - y: 36 - h: 8 - w: 12 - swap_usage_bytes_graph: - gridPos: - x: 12 - y: 36 - h: 8 - w: 12 - - row_network: - gridPos: - x: 0 - y: 44 - h: 1 - w: 24 - management_interface_traffic_both_graph: - gridPos: - x: 0 - y: 45 - h: 8 - w: 24 - management_interface_packets_graph: - gridPos: - x: 0 - y: 53 - h: 8 - w: 12 - management_interface_drops_graph: - gridPos: - x: 12 - y: 53 - h: 8 - w: 12 - - row_disk_usage: - gridPos: - x: 0 - y: 77 - h: 1 - w: 24 - disk_usage_root_graph: - gridPos: - x: 0 - y: 78 - h: 8 - w: 12 - disk_usage_nsm_graph: - gridPos: - x: 12 - y: 78 - h: 8 - w: 12 - - row_disk_iops: - gridPos: - x: 0 - y: 86 - h: 1 - w: 24 - disk_io_requests_graph: - gridPos: - x: 0 - y: 87 - h: 8 - w: 8 - disk_io_bytes_graph: - gridPos: - x: 8 - y: 87 - h: 8 - w: 8 - disk_io_time_graph: - gridPos: - x: 16 - y: 87 - h: 8 - w: 8 - - row_docker_details: - gridPos: - x: 0 - y: 95 - h: 1 - w: 24 - cpu_docker_combined_current_graph: - gridPos: - x: 0 - y: 96 - h: 8 - w: 24 - cpu_docker_combined_trend_graph: - gridPos: - x: 0 - y: 104 - h: 8 - w: 24 - memory_used_docker_combined_current_graph: - gridPos: - x: 0 - y: 112 - h: 8 - w: 24 - memory_used_docker_combined_trend_graph: - gridPos: - x: 0 - y: 120 - h: 8 - w: 24 - network_usage_docker_combined_current_graph: - gridPos: - x: 0 - y: 128 - h: 8 - w: 24 - network_usage_docker_combined_trend_graph: - gridPos: - x: 0 - y: 136 - h: 8 - w: 24 - uptime_docker_combined_current_graph: - gridPos: - x: 0 - y: 144 - h: 8 - w: 12 - uptime_docker_combined_trend_graph: - gridPos: - x: 12 - y: 144 - h: 8 - w: 12 - - row_logstash: - gridPos: - x: 0 - y: 152 - h: 1 - w: 24 - logstash_estimated_eps_in_graph: - gridPos: - x: 0 - y: 153 - h: 8 - w: 24 - logstash_estimated_eps_in_total_graph: - gridPos: - x: 0 - y: 161 - h: 8 - w: 24 - logstash_estimated_eps_out_graph: - gridPos: - x: 0 - y: 169 - h: 8 - w: 24 - logstash_estimated_eps_out_total_graph: - gridPos: - x: 0 - y: 172 - h: 8 - w: 24 - - - heavynode: - templating: - list: - servername: {} - role: - allValue: false - multi: false - hide: 2 - containers: {} - manint: {} - monint: {} - cpucount: {} - disk: {} - panels: - row_overview: - gridPos: - x: 0 - y: 0 - h: 1 - w: 24 - system_uptime: - gridPos: - x: 0 - y: 1 - h: 4 - w: 4 - load_average_5_minute_stat: - gridPos: - x: 4 - y: 1 - h: 4 - w: 4 - cpu_usage_guage: - gridPos: - x: 8 - y: 1 - h: 4 - w: 2 - ram_usage_guage: - gridPos: - x: 10 - y: 1 - h: 4 - w: 2 - swap_usage_guage: - gridPos: - x: 12 - y: 1 - h: 4 - w: 2 - rootfs_used_guage: - gridPos: - x: 14 - y: 1 - h: 4 - w: 2 - nsm_used_guage: - gridPos: - x: 16 - y: 1 - h: 4 - w: 2 - pcap_retention_stat: - gridPos: - x: 18 - y: 1 - h: 4 - w: 2 - io_wait_stat: - gridPos: - x: 20 - y: 1 - h: 4 - w: 4 - logstash_estimated_eps_in_stat: - gridPos: - x: 0 - y: 5 - h: 4 - w: 4 - monitor_interface_traffic_stat: - gridPos: - x: 4 - y: 5 - h: 4 - w: 4 - zeek_packet_loss_stat: - gridPos: - x: 8 - y: 5 - h: 4 - w: 4 - suricata_packet_loss_stat: - gridPos: - x: 12 - y: 5 - h: 4 - w: 4 - stenographer_packet_loss_stat: - gridPos: - x: 16 - y: 5 - h: 4 - w: 4 - - row_cpu: - gridPos: - x: 0 - y: 9 - h: 1 - w: 24 - cpu_usage_tasks_all_graph: - gridPos: - x: 0 - y: 10 - h: 8 - w: 24 - load_averages_graph: - gridPos: - x: 0 - y: 18 - h: 8 - w: 12 - process_status_graph: - gridPos: - x: 12 - y: 18 - h: 8 - w: 12 - - row_memory: - gridPos: - x: 0 - y: 26 - h: 1 - w: 24 - memory_usage_graph: - gridPos: - x: 0 - y: 27 - h: 8 - w: 24 - - row_swap: - gridPos: - x: 0 - y: 35 - h: 1 - w: 24 - swap_io_bytes_graph: - gridPos: - x: 0 - y: 36 - h: 8 - w: 12 - swap_usage_bytes_graph: - gridPos: - x: 12 - y: 36 - h: 8 - w: 12 - - row_network: - gridPos: - x: 0 - y: 44 - h: 1 - w: 24 - management_interface_traffic_both_graph: - gridPos: - x: 0 - y: 45 - h: 8 - w: 24 - management_interface_packets_graph: - gridPos: - x: 0 - y: 53 - h: 8 - w: 12 - management_interface_drops_graph: - gridPos: - x: 12 - y: 53 - h: 8 - w: 12 - monitor_interface_traffic_both_graph: - gridPos: - x: 0 - y: 61 - h: 8 - w: 24 - monitor_interface_packets_graph: - gridPos: - x: 0 - y: 69 - h: 8 - w: 12 - monitor_interface_drops_graph: - gridPos: - x: 12 - y: 69 - h: 8 - w: 12 - - row_disk_usage: - gridPos: - x: 0 - y: 77 - h: 1 - w: 24 - disk_usage_root_graph: - gridPos: - x: 0 - y: 78 - h: 8 - w: 12 - disk_usage_nsm_graph: - gridPos: - x: 12 - y: 78 - h: 8 - w: 12 - - row_disk_iops: - gridPos: - x: 0 - y: 86 - h: 1 - w: 24 - disk_io_requests_graph: - gridPos: - x: 0 - y: 87 - h: 8 - w: 8 - disk_io_bytes_graph: - gridPos: - x: 8 - y: 87 - h: 8 - w: 8 - disk_io_time_graph: - gridPos: - x: 16 - y: 87 - h: 8 - w: 8 - - row_docker_details: - gridPos: - x: 0 - y: 95 - h: 1 - w: 24 - cpu_docker_combined_current_graph: - gridPos: - x: 0 - y: 96 - h: 8 - w: 24 - cpu_docker_combined_trend_graph: - gridPos: - x: 0 - y: 104 - h: 8 - w: 24 - memory_used_docker_combined_current_graph: - gridPos: - x: 0 - y: 112 - h: 8 - w: 24 - memory_used_docker_combined_trend_graph: - gridPos: - x: 0 - y: 120 - h: 8 - w: 24 - network_usage_docker_combined_current_graph: - gridPos: - x: 0 - y: 128 - h: 8 - w: 24 - network_usage_docker_combined_trend_graph: - gridPos: - x: 0 - y: 136 - h: 8 - w: 24 - uptime_docker_combined_current_graph: - gridPos: - x: 0 - y: 144 - h: 8 - w: 12 - uptime_docker_combined_trend_graph: - gridPos: - x: 12 - y: 144 - h: 8 - w: 12 - - row_logstash: - gridPos: - x: 0 - y: 152 - h: 1 - w: 24 - logstash_estimated_eps_in_graph: - gridPos: - x: 0 - y: 153 - h: 8 - w: 24 - - row_zeek: - gridPos: - x: 0 - y: 170 - h: 1 - w: 24 - zeek_packet_loss_graph: - gridPos: - x: 0 - y: 171 - h: 8 - w: 12 - zeek_capture_loss_graph: - gridPos: - x: 12 - y: 171 - h: 8 - w: 12 - - row_suricata: - gridPos: - x: 0 - y: 179 - h: 1 - w: 24 - suricata_packet_loss_graph: - gridPos: - x: 0 - y: 180 - h: 8 - w: 24 - - row_stenographer: - gridPos: - x: 0 - y: 188 - h: 1 - w: 24 - stenographer_packet_loss_graph: - gridPos: - x: 0 - y: 189 - h: 8 - w: 16 - stenographer_pcap_retention_graph: - gridPos: - x: 16 - y: 189 - h: 8 - w: 8 - - - eval: - templating: - list: - servername: {} - role: - allValue: false - multi: false - hide: 2 - containers: {} - manint: {} - monint: {} - cpucount: {} - disk: {} - panels: - row_overview: - gridPos: - x: 0 - y: 0 - h: 1 - w: 24 - system_uptime: - gridPos: - x: 0 - y: 1 - h: 4 - w: 4 - load_average_5_minute_stat: - gridPos: - x: 4 - y: 1 - h: 4 - w: 4 - cpu_usage_guage: - gridPos: - x: 8 - y: 1 - h: 4 - w: 2 - ram_usage_guage: - gridPos: - x: 10 - y: 1 - h: 4 - w: 2 - swap_usage_guage: - gridPos: - x: 12 - y: 1 - h: 4 - w: 2 - rootfs_used_guage: - gridPos: - x: 14 - y: 1 - h: 4 - w: 2 - nsm_used_guage: - gridPos: - x: 16 - y: 1 - h: 4 - w: 2 - pcap_retention_stat: - gridPos: - x: 18 - y: 1 - h: 4 - w: 2 - io_wait_stat: - gridPos: - x: 20 - y: 1 - h: 4 - w: 4 - redis_queue_stat: - gridPos: - x: 4 - y: 5 - h: 4 - w: 4 - monitor_interface_traffic_stat: - gridPos: - x: 8 - y: 5 - h: 4 - w: 4 - zeek_packet_loss_stat: - gridPos: - x: 12 - y: 5 - h: 4 - w: 4 - suricata_packet_loss_stat: - gridPos: - x: 16 - y: 5 - h: 4 - w: 4 - stenographer_packet_loss_stat: - gridPos: - x: 20 - y: 5 - h: 4 - w: 4 - - row_cpu: - gridPos: - x: 0 - y: 9 - h: 1 - w: 24 - cpu_usage_tasks_all_graph: - gridPos: - x: 0 - y: 10 - h: 8 - w: 24 - load_averages_graph: - gridPos: - x: 0 - y: 18 - h: 8 - w: 12 - process_status_graph: - gridPos: - x: 12 - y: 18 - h: 8 - w: 12 - - row_memory: - gridPos: - x: 0 - y: 26 - h: 1 - w: 24 - memory_usage_graph: - gridPos: - x: 0 - y: 27 - h: 8 - w: 24 - - row_swap: - gridPos: - x: 0 - y: 35 - h: 1 - w: 24 - swap_io_bytes_graph: - gridPos: - x: 0 - y: 36 - h: 8 - w: 12 - swap_usage_bytes_graph: - gridPos: - x: 12 - y: 36 - h: 8 - w: 12 - - row_network: - gridPos: - x: 0 - y: 44 - h: 1 - w: 24 - management_interface_traffic_both_graph: - gridPos: - x: 0 - y: 45 - h: 8 - w: 24 - management_interface_packets_graph: - gridPos: - x: 0 - y: 53 - h: 8 - w: 12 - management_interface_drops_graph: - gridPos: - x: 12 - y: 53 - h: 8 - w: 12 - monitor_interface_traffic_both_graph: - gridPos: - x: 0 - y: 61 - h: 8 - w: 24 - monitor_interface_packets_graph: - gridPos: - x: 0 - y: 69 - h: 8 - w: 12 - monitor_interface_drops_graph: - gridPos: - x: 12 - y: 69 - h: 8 - w: 12 - - row_disk_usage: - gridPos: - x: 0 - y: 77 - h: 1 - w: 24 - disk_usage_root_graph: - gridPos: - x: 0 - y: 78 - h: 8 - w: 12 - disk_usage_nsm_graph: - gridPos: - x: 12 - y: 78 - h: 8 - w: 12 - - row_disk_iops: - gridPos: - x: 0 - y: 86 - h: 1 - w: 24 - disk_io_requests_graph: - gridPos: - x: 0 - y: 87 - h: 8 - w: 8 - disk_io_bytes_graph: - gridPos: - x: 8 - y: 87 - h: 8 - w: 8 - disk_io_time_graph: - gridPos: - x: 16 - y: 87 - h: 8 - w: 8 - - row_docker_details: - gridPos: - x: 0 - y: 95 - h: 1 - w: 24 - cpu_docker_combined_current_graph: - gridPos: - x: 0 - y: 96 - h: 8 - w: 24 - cpu_docker_combined_trend_graph: - gridPos: - x: 0 - y: 104 - h: 8 - w: 24 - memory_used_docker_combined_current_graph: - gridPos: - x: 0 - y: 112 - h: 8 - w: 24 - memory_used_docker_combined_trend_graph: - gridPos: - x: 0 - y: 120 - h: 8 - w: 24 - network_usage_docker_combined_current_graph: - gridPos: - x: 0 - y: 128 - h: 8 - w: 24 - network_usage_docker_combined_trend_graph: - gridPos: - x: 0 - y: 136 - h: 8 - w: 24 - uptime_docker_combined_current_graph: - gridPos: - x: 0 - y: 144 - h: 8 - w: 12 - uptime_docker_combined_trend_graph: - gridPos: - x: 12 - y: 144 - h: 8 - w: 12 - - row_elasticsearch: - gridPos: - x: 0 - y: 161 - h: 1 - w: 24 - elasticsearch_document_count_graph: - gridPos: - x: 0 - y: 162 - h: 8 - w: 12 - elasticsearch_thread_count_graph: - gridPos: - x: 12 - y: 162 - h: 8 - w: 12 - elasticsearch_store_size_graph: - gridPos: - x: 0 - y: 170 - h: 8 - w: 12 - elasticsearch_field_data_cache_size_graph: - gridPos: - x: 12 - y: 170 - h: 8 - w: 12 - - row_redis: - gridPos: - x: 0 - y: 178 - h: 1 - w: 24 - redis_queue_graph: - gridPos: - x: 0 - y: 179 - h: 8 - w: 24 - - row_zeek: - gridPos: - x: 0 - y: 187 - h: 1 - w: 24 - zeek_packet_loss_graph: - gridPos: - x: 0 - y: 188 - h: 8 - w: 12 - zeek_capture_loss_graph: - gridPos: - x: 12 - y: 188 - h: 8 - w: 12 - - row_suricata: - gridPos: - x: 0 - y: 196 - h: 1 - w: 24 - suricata_packet_loss_graph: - gridPos: - x: 0 - y: 197 - h: 8 - w: 24 - - row_stenographer: - gridPos: - x: 0 - y: 205 - h: 1 - w: 24 - stenographer_packet_loss_graph: - gridPos: - x: 0 - y: 206 - h: 8 - w: 16 - stenographer_pcap_retention_graph: - gridPos: - x: 16 - y: 206 - h: 8 - w: 8 - - row_influxdb: - gridPos: - x: 0 - y: 214 - h: 1 - w: 24 - influxdb_db_size_graph: - gridPos: - x: 0 - y: 214 - h: 8 - w: 24 - - - receiver: - templating: - list: - servername: {} - role: - allValue: false - multi: false - hide: 2 - containers: {} - manint: {} - monint: {} - cpucount: {} - disk: {} - panels: - row_overview: - gridPos: - x: 0 - y: 0 - h: 1 - w: 24 - system_uptime: - gridPos: - x: 0 - y: 1 - h: 4 - w: 4 - load_average_5_minute_stat: - gridPos: - x: 4 - y: 1 - h: 4 - w: 4 - cpu_usage_guage: - gridPos: - x: 8 - y: 1 - h: 4 - w: 2 - ram_usage_guage: - gridPos: - x: 10 - y: 1 - h: 4 - w: 2 - swap_usage_guage: - gridPos: - x: 12 - y: 1 - h: 4 - w: 2 - rootfs_used_guage: - gridPos: - x: 14 - y: 1 - h: 4 - w: 2 - nsm_used_guage: - gridPos: - x: 16 - y: 1 - h: 4 - w: 2 - io_wait_stat: - gridPos: - x: 20 - y: 1 - h: 4 - w: 4 - logstash_estimated_eps_in_stat: - gridPos: - x: 0 - y: 5 - h: 4 - w: 4 - logstash_estimated_eps_out_stat: - gridPos: - x: 4 - y: 5 - h: 4 - w: 4 - redis_queue_stat: - gridPos: - x: 8 - y: 5 - h: 4 - w: 4 - - row_cpu: - gridPos: - x: 0 - y: 9 - h: 1 - w: 24 - cpu_usage_tasks_all_graph: - gridPos: - x: 0 - y: 10 - h: 8 - w: 24 - load_averages_graph: - gridPos: - x: 0 - y: 18 - h: 8 - w: 12 - process_status_graph: - gridPos: - x: 12 - y: 18 - h: 8 - w: 12 - - row_memory: - gridPos: - x: 0 - y: 26 - h: 1 - w: 24 - memory_usage_graph: - gridPos: - x: 0 - y: 27 - h: 8 - w: 24 - - row_swap: - gridPos: - x: 0 - y: 35 - h: 1 - w: 24 - swap_io_bytes_graph: - gridPos: - x: 0 - y: 36 - h: 8 - w: 12 - swap_usage_bytes_graph: - gridPos: - x: 12 - y: 36 - h: 8 - w: 12 - - row_network: - gridPos: - x: 0 - y: 44 - h: 1 - w: 24 - management_interface_traffic_both_graph: - gridPos: - x: 0 - y: 45 - h: 8 - w: 24 - management_interface_packets_graph: - gridPos: - x: 0 - y: 53 - h: 8 - w: 12 - management_interface_drops_graph: - gridPos: - x: 12 - y: 53 - h: 8 - w: 12 - - row_disk_usage: - gridPos: - x: 0 - y: 77 - h: 1 - w: 24 - disk_usage_root_graph: - gridPos: - x: 0 - y: 78 - h: 8 - w: 12 - disk_usage_nsm_graph: - gridPos: - x: 12 - y: 78 - h: 8 - w: 12 - - row_disk_iops: - gridPos: - x: 0 - y: 86 - h: 1 - w: 24 - disk_io_requests_graph: - gridPos: - x: 0 - y: 87 - h: 8 - w: 8 - disk_io_bytes_graph: - gridPos: - x: 8 - y: 87 - h: 8 - w: 8 - disk_io_time_graph: - gridPos: - x: 16 - y: 87 - h: 8 - w: 8 - - row_docker_details: - gridPos: - x: 0 - y: 95 - h: 1 - w: 24 - cpu_docker_combined_current_graph: - gridPos: - x: 0 - y: 96 - h: 8 - w: 24 - cpu_docker_combined_trend_graph: - gridPos: - x: 0 - y: 104 - h: 8 - w: 24 - memory_used_docker_combined_current_graph: - gridPos: - x: 0 - y: 112 - h: 8 - w: 24 - memory_used_docker_combined_trend_graph: - gridPos: - x: 0 - y: 120 - h: 8 - w: 24 - network_usage_docker_combined_current_graph: - gridPos: - x: 0 - y: 128 - h: 8 - w: 24 - network_usage_docker_combined_trend_graph: - gridPos: - x: 0 - y: 136 - h: 8 - w: 24 - uptime_docker_combined_current_graph: - gridPos: - x: 0 - y: 144 - h: 8 - w: 12 - uptime_docker_combined_trend_graph: - gridPos: - x: 12 - y: 144 - h: 8 - w: 12 - - row_logstash: - gridPos: - x: 0 - y: 152 - h: 1 - w: 24 - logstash_estimated_eps_in_graph: - gridPos: - x: 0 - y: 153 - h: 8 - w: 24 - logstash_estimated_eps_in_total_graph: - gridPos: - x: 0 - y: 161 - h: 8 - w: 24 - logstash_estimated_eps_out_graph: - gridPos: - x: 0 - y: 169 - h: 8 - w: 24 - logstash_estimated_eps_out_total_graph: - gridPos: - x: 0 - y: 172 - h: 8 - w: 24 - - row_redis: - gridPos: - x: 0 - y: 180 - h: 1 - w: 24 - redis_queue_graph: - gridPos: - x: 0 - y: 181 - h: 8 - w: 24 - - - pipeline_overview_nontc: - title: 'Pipeline Overview' - templating: - list: - searchnode: - includeAll: true - multi: true - hide: 2 - text: All - value: "$__all" - panels: - redis_queue_graph: - gridPos: - x: 0 - y: 0 - h: 8 - w: 8 - logstash_eps_in_out_manager_graph: - gridPos: - x: 8 - y: 0 - h: 8 - w: 8 - logstash_indexing_eps_in_searchnode_total_graph: - gridPos: - x: 16 - y: 0 - h: 8 - w: 8 - logstash_indexing_eps_in_out_searchnode_graph: - gridPos: - x: 0 - y: 8 - h: 8 - w: 24 - elasticsearch_ingest_performance_nontc_graph: - gridPos: - x: 0 - y: 16 - h: 8 - w: 24 - elasticsearch_pipeline_time_nontc_graph: - gridPos: - x: 0 - y: 24 - h: 8 - w: 24 - - - pipeline_overview_tc: - title: 'Pipeline Overview' - templating: - list: - searchnode: - includeAll: true - multi: true - hide: 2 - text: All - value: "$__all" - cluster_name: - includeAll: true - multi: true - hide: 2 - text: All - value: "$__all" - panels: - redis_queue_graph: - gridPos: - x: 0 - y: 0 - h: 8 - w: 8 - logstash_eps_in_out_manager_graph: - gridPos: - x: 8 - y: 0 - h: 8 - w: 8 - logstash_indexing_eps_in_searchnode_total_graph: - gridPos: - x: 16 - y: 0 - h: 8 - w: 8 - logstash_indexing_eps_in_out_searchnode_graph: - gridPos: - x: 0 - y: 8 - h: 8 - w: 24 - elasticsearch_ingest_performance_tc_graph: - gridPos: - x: 0 - y: 16 - h: 8 - w: 24 - elasticsearch_pipeline_time_tc_graph: - gridPos: - x: 0 - y: 24 - h: 8 - w: 24 diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls deleted file mode 100644 index 1c5f30d5b..000000000 --- a/salt/grafana/init.sls +++ /dev/null @@ -1,164 +0,0 @@ -{% from 'allowed_states.map.jinja' import allowed_states %} -{% if sls in allowed_states %} -{% from 'vars/globals.map.jinja' import GLOBALS %} -{% from 'docker/docker.map.jinja' import DOCKER %} -{% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %} -{% set ADMINPASS = salt['pillar.get']('secrets:grafana_admin') %} - -{% import_yaml 'grafana/grafana_defaults.yaml' as default_settings %} -{% set GRAFANA_SETTINGS = salt['grains.filter_by'](default_settings, default='grafana', merge=salt['pillar.get']('grafana', {})) %} - -{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-eval'] %} - -{% set ALLOWED_DASHBOARDS = ['overview', 'standalone', 'manager', 'managersearch', 'sensor', 'searchnode', 'heavynode', 'eval', 'receiver'] %} -{% set DASHBOARDS = ['overview'] %} -{% if grains.role == 'so-eval' %} - {% do DASHBOARDS.append('eval') %} -{% else %} - {% if not salt['pillar.get']('elasticsearch:true_cluster', False) %} - {% do DASHBOARDS.append('pipeline_overview_nontc') %} - {% else %} - {% do DASHBOARDS.append('pipeline_overview_tc') %} - {% endif %} - {# Grab a unique listing of nodetypes that exists so that we create only the needed dashboards #} - {% for dashboard in salt['cmd.shell']("ls /opt/so/saltstack/local/pillar/minions/|awk -F'_' {'print $2'}|awk -F'.' {'print $1'}").split() %} - {% if dashboard in ALLOWED_DASHBOARDS %} - {% do DASHBOARDS.append(dashboard) %} - {% endif %} - {% endfor %} -{% endif %} - - - -# Grafana all the things -grafanadir: - file.directory: - - name: /nsm/grafana - - user: 939 - - group: 939 - - makedirs: True - -grafanaconfdir: - file.directory: - - name: /opt/so/conf/grafana/etc - - user: 939 - - group: 939 - - makedirs: True - -grafanadashdir: - file.directory: - - name: /opt/so/conf/grafana/grafana_dashboards - - user: 939 - - group: 939 - - makedirs: True - -{% for type in ['eval','manager','managersearch','search_nodes','sensor_nodes','standalone'] %} -remove_dashboard_dir_{{type}}: - file.absent: - - name: /opt/so/conf/grafana/grafana_dashboards/{{type}} -{% endfor %} - -grafana-dashboard-config: - file.managed: - - name: /opt/so/conf/grafana/etc/dashboards/dashboard.yml - - user: 939 - - group: 939 - - template: jinja - - source: salt://grafana/etc/dashboards/dashboard.yml - - makedirs: True - - -grafana-datasources-config: - file.managed: - - name: /opt/so/conf/grafana/etc/datasources/influxdb.yaml - - user: 939 - - group: 939 - - template: jinja - - source: salt://grafana/etc/datasources/influxdb.yaml - - makedirs: True - - defaults: - GLOBALS: {{ GLOBALS }} - -grafana-config: - file.managed: - - name: /opt/so/conf/grafana/etc/grafana.ini - - user: 939 - - group: 939 - - template: jinja - - source: salt://grafana/etc/grafana.ini.jinja - - context: - config: {{ GRAFANA_SETTINGS.config|json }} - -# these are the files that are referenced inside the config such as smtp:cert_file, smtp:cert_key, auth.ldap:config_file, enterprise:license_path -grafana-config-files: - file.recurse: - - name: /opt/so/conf/grafana/etc/files - - user: 939 - - group: 939 - - source: salt://grafana/etc/files - - makedirs: True - -so-grafana-dashboard-folder-delete: - cmd.run: - - name: /usr/sbin/so-grafana-dashboard-folder-delete - - unless: ls /opt/so/state/so-grafana-dashboard-folder-delete-complete - -{% for dashboard in DASHBOARDS | unique %} -{{dashboard}}-dashboard: - file.managed: - - name: /opt/so/conf/grafana/grafana_dashboards/{{dashboard}}.json - - user: 939 - - group: 939 - - template: jinja - - source: salt://grafana/dashboards/common_template.json.jinja - - defaults: - DASHBOARD: {{ dashboard }} - PANELS: {{GRAFANA_SETTINGS.dashboards[dashboard].panels}} - TEMPLATES: {{GRAFANA_SETTINGS.dashboards[dashboard].templating.list}} - TITLE: {{ GRAFANA_SETTINGS.dashboards[dashboard].get('title', dashboard| capitalize) }} - ID: {{ loop.index }} - UID: {{ dashboard }} -{% endfor %} - -so-grafana: - docker_container.running: - - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-grafana:{{ GLOBALS.so_version }} - - hostname: grafana - - user: socore - - networks: - - sobridge: - - ipv4_address: {{ DOCKER.containers['so-grafana'].ip }} - - extra_hosts: - - {{GLOBALS.influxdb_host}}:{{pillar.node_data[GLOBALS.influxdb_host].ip}} - - binds: - - /nsm/grafana:/var/lib/grafana:rw - - /opt/so/conf/grafana/etc/grafana.ini:/etc/grafana/grafana.ini:ro - - /opt/so/conf/grafana/etc/datasources:/etc/grafana/provisioning/datasources:rw - - /opt/so/conf/grafana/etc/dashboards:/etc/grafana/provisioning/dashboards:rw - - /opt/so/conf/grafana/grafana_dashboards:/etc/grafana/grafana_dashboards:rw - - /opt/so/conf/grafana/etc/files:/etc/grafana/config/files:ro - - environment: - - GF_SECURITY_ADMIN_PASSWORD={{ ADMINPASS }} - - port_bindings: - {% for BINDING in DOCKER.containers['so-grafana'].port_bindings %} - - {{ BINDING }} - {% endfor %} - - watch: - - file: /opt/so/conf/grafana/* - - require: - - file: grafana-config - -append_so-grafana_so-status.conf: - file.append: - - name: /opt/so/conf/so-status/so-status.conf - - text: so-grafana - -{% endif %} - -{% else %} - -{{sls}}_state_not_allowed: - test.fail_without_changes: - - name: {{sls}}_state_not_allowed - -{% endif %} diff --git a/salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja b/salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja deleted file mode 100644 index 7d0f67135..000000000 --- a/salt/grafana/panels/cpu_docker_combined_current_graph.json.jinja +++ /dev/null @@ -1,223 +0,0 @@ -{ - "id": 100, - "gridPos": { - "x": {{ PANELS.cpu_docker_combined_current_graph.gridPos.x }}, - "y": {{ PANELS.cpu_docker_combined_current_graph.gridPos.y }}, - "w": {{ PANELS.cpu_docker_combined_current_graph.gridPos.w }}, - "h": {{ PANELS.cpu_docker_combined_current_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Container CPU Usage Current", - "transformations": [], - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "decimals": 1, - "unit": "percent" - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/n_cpus/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "color", - "value": { - "mode": "fixed", - "fixedColor": "dark-red" - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_container_name", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "container_name" - ], - "type": "tag" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(\"usage_percent\") FROM \"docker_container_cpu\" WHERE (\"host\" =~ /^$servername$/ AND \"container_name\" =~ /^$containers$/) AND $timeFilter GROUP BY time($__interval), \"container_name\", \"host\" fill(null)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=~", - "value": "/^$containers$/" - } - ] - }, - { - "alias": "$tag_host: n_cpus*100", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - " * 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ] - } - ], - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja deleted file mode 100644 index 2e2dbe797..000000000 --- a/salt/grafana/panels/cpu_docker_combined_trend_graph.json.jinja +++ /dev/null @@ -1,220 +0,0 @@ -{ - "id": 101, - "gridPos": { - "x": {{ PANELS.cpu_docker_combined_trend_graph.gridPos.x }}, - "y": {{ PANELS.cpu_docker_combined_trend_graph.gridPos.y }}, - "w": {{ PANELS.cpu_docker_combined_trend_graph.gridPos.w }}, - "h": {{ PANELS.cpu_docker_combined_trend_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Container CPU Usage Trend", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": true, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "decimals": 1, - "unit": "percent" - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/n_cpus/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "color", - "value": { - "mode": "fixed", - "fixedColor": "dark-red" - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_container_name", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "container_name" - ], - "type": "tag" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_cpu", - "orderByTime": "ASC", - "policy": "so_long_term", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=~", - "value": "/^$containers$/" - } - ] - }, - { - "alias": "$tag_host: n_cpus*100", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "system", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_n_cpus" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - " * 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ] - } - ], - "description": "", - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/cpu_usage_current_graph.json.jinja b/salt/grafana/panels/cpu_usage_current_graph.json.jinja deleted file mode 100644 index 15c70cedd..000000000 --- a/salt/grafana/panels/cpu_usage_current_graph.json.jinja +++ /dev/null @@ -1,150 +0,0 @@ -{ - "id": 69001, - "gridPos": { - "x": {{ PANELS.cpu_usage_current_graph.gridPos.x }}, - "y": {{ PANELS.cpu_usage_current_graph.gridPos.y }}, - "w": {{ PANELS.cpu_usage_current_graph.gridPos.w }}, - "h": {{ PANELS.cpu_usage_current_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "CPU Usage", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "percent", - "min": 0, - "decimals": 1 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host $tag_role", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "role" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "*-1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/cpu_usage_guage.json.jinja b/salt/grafana/panels/cpu_usage_guage.json.jinja deleted file mode 100644 index d5cd949d8..000000000 --- a/salt/grafana/panels/cpu_usage_guage.json.jinja +++ /dev/null @@ -1,126 +0,0 @@ -{ - "id": 9, - "gridPos": { - "x": {{ PANELS.cpu_usage_guage.gridPos.x }}, - "y": {{ PANELS.cpu_usage_guage.gridPos.y }}, - "w": {{ PANELS.cpu_usage_guage.gridPos.w }}, - "h": {{ PANELS.cpu_usage_guage.gridPos.h }} - }, - "type": "gauge", - "title": "CPU usage", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "links": [], - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 70 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 80 - } - ] - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "color": { - "mode": "thresholds" - }, - "max": 100, - "min": 0, - "unit": "percent" - }, - "overrides": [] - }, - "interval": "30", - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "fields": "" - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true, - "text": {} - }, - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_idle" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* -1 + 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ], - "orderByTime": "ASC" - } - ], - "maxDataPoints": null, - "cacheTimeout": null -} diff --git a/salt/grafana/panels/cpu_usage_tasks_all_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_all_graph.json.jinja deleted file mode 100644 index dea4c3d8c..000000000 --- a/salt/grafana/panels/cpu_usage_tasks_all_graph.json.jinja +++ /dev/null @@ -1,193 +0,0 @@ -{ - "id": 61871, - "gridPos": { - "x": {{ PANELS.cpu_usage_tasks_all_graph.gridPos.x }}, - "y": {{ PANELS.cpu_usage_tasks_all_graph.gridPos.y }}, - "w": {{ PANELS.cpu_usage_tasks_all_graph.gridPos.w }}, - "h": {{ PANELS.cpu_usage_tasks_all_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "CPU Usage", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(usage_user) as \"user\", mean(usage_system) as \"system\", mean(usage_softirq) as \"softirq\", mean(usage_steal) as \"steal\", mean(usage_nice) as \"nice\", mean(usage_irq) as \"irq\", mean(usage_iowait) as \"iowait\", mean(usage_guest) as \"guest\", mean(usage_guest_nice) as \"guest_nice\" FROM \"cpu\" WHERE \"host\" =~ /^$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($__interval), *", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [], - "hide": false - }, - { - "alias": "$tag_host: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(mean_usage_user) as \"trend_user\", mean(mean_usage_system) as \"trend_system\", mean(mean_usage_softirq) as \"trend_softirq\", mean(mean_usage_steal) as \"trend_steal\", mean(mean_usage_nice) as \"trend_nice\", mean(mean_usage_irq) as \"trend_irq\", mean(mean_usage_iowait) as \"trend_iowait\", mean(mean_usage_guest) as \"trend_guest\", mean(mean_usage_guest_nice) as \"trend_guest_nice\" FROM \"so_long_term\".\"cpu\" WHERE \"host\" =~ /^$servername$/ and cpu = 'cpu-total' AND $timeFilter GROUP BY time($__interval), * fill(linear)", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "percent", - "min": 0, - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - } - ] - }, - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja deleted file mode 100644 index 6a7371038..000000000 --- a/salt/grafana/panels/cpu_usage_tasks_blocked_graph.json.jinja +++ /dev/null @@ -1,124 +0,0 @@ -{ - "id": 69005, - "gridPos": { - "x": {{ PANELS.cpu_usage_tasks_blocked_graph.gridPos.x }}, - "y": {{ PANELS.cpu_usage_tasks_blocked_graph.gridPos.y }}, - "w": {{ PANELS.cpu_usage_tasks_blocked_graph.gridPos.w }}, - "h": {{ PANELS.cpu_usage_tasks_blocked_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "CPU Tasks Blocked", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "short", - "min": 0, - "decimals": 1 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host $tag_role", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(blocked) as blocked FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "timeFrom": null, - "timeShift": null, - "interval": "30s" -} diff --git a/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja deleted file mode 100644 index 2f56dffaa..000000000 --- a/salt/grafana/panels/cpu_usage_tasks_paging_graph.json.jinja +++ /dev/null @@ -1,124 +0,0 @@ -{ - "id": 69008, - "gridPos": { - "x": {{ PANELS.cpu_usage_tasks_paging_graph.gridPos.x }}, - "y": {{ PANELS.cpu_usage_tasks_paging_graph.gridPos.y }}, - "w": {{ PANELS.cpu_usage_tasks_paging_graph.gridPos.w }}, - "h": {{ PANELS.cpu_usage_tasks_paging_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "CPU Tasks Paging", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "short", - "min": 0, - "decimals": 1 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host $tag_role", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(paging) as paging FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "interval": "30s", - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja deleted file mode 100644 index 657321696..000000000 --- a/salt/grafana/panels/cpu_usage_tasks_running_graph.json.jinja +++ /dev/null @@ -1,124 +0,0 @@ -{ - "id": 69003, - "gridPos": { - "x": {{ PANELS.cpu_usage_tasks_running_graph.gridPos.x }}, - "y": {{ PANELS.cpu_usage_tasks_running_graph.gridPos.y }}, - "w": {{ PANELS.cpu_usage_tasks_running_graph.gridPos.w }}, - "h": {{ PANELS.cpu_usage_tasks_running_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "CPU Tasks Running", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "short", - "min": 0, - "decimals": 1 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host $tag_role", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(running) as running FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "timeFrom": null, - "timeShift": null, - "interval": "30s" -} diff --git a/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja deleted file mode 100644 index e88272d2d..000000000 --- a/salt/grafana/panels/cpu_usage_tasks_sleeping_graph.json.jinja +++ /dev/null @@ -1,124 +0,0 @@ -{ - "id": 69006, - "gridPos": { - "x": {{ PANELS.cpu_usage_tasks_sleeping_graph.gridPos.x }}, - "y": {{ PANELS.cpu_usage_tasks_sleeping_graph.gridPos.y }}, - "w": {{ PANELS.cpu_usage_tasks_sleeping_graph.gridPos.w }}, - "h": {{ PANELS.cpu_usage_tasks_sleeping_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "CPU Tasks Sleeping", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "short", - "min": 0, - "decimals": 1 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host $tag_role", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(sleeping) as sleeping FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "timeFrom": null, - "timeShift": null, - "interval": "30s" -} diff --git a/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja deleted file mode 100644 index d45d59a18..000000000 --- a/salt/grafana/panels/cpu_usage_tasks_stopped_graph.json.jinja +++ /dev/null @@ -1,124 +0,0 @@ -{ - "id": 69007, - "gridPos": { - "x": {{ PANELS.cpu_usage_tasks_stopped_graph.gridPos.x }}, - "y": {{ PANELS.cpu_usage_tasks_stopped_graph.gridPos.y }}, - "w": {{ PANELS.cpu_usage_tasks_stopped_graph.gridPos.w }}, - "h": {{ PANELS.cpu_usage_tasks_stopped_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "CPU Tasks Stopped", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "short", - "min": 0, - "decimals": 1 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host $tag_role", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(stopped) as stopped FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "timeFrom": null, - "timeShift": null, - "interval": "30s" -} diff --git a/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja deleted file mode 100644 index f0c3005eb..000000000 --- a/salt/grafana/panels/cpu_usage_tasks_unknown_graph.json.jinja +++ /dev/null @@ -1,124 +0,0 @@ -{ - "id": 69009, - "gridPos": { - "x": {{ PANELS.cpu_usage_tasks_unknown_graph.gridPos.x }}, - "y": {{ PANELS.cpu_usage_tasks_unknown_graph.gridPos.y }}, - "w": {{ PANELS.cpu_usage_tasks_unknown_graph.gridPos.w }}, - "h": {{ PANELS.cpu_usage_tasks_unknown_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "CPU Tasks Unknown", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "short", - "min": 0, - "decimals": 1 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host $tag_role", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(unknown) as unknown FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "timeFrom": null, - "timeShift": null, - "interval": "30s" -} diff --git a/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja b/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja deleted file mode 100644 index 20149ae3b..000000000 --- a/salt/grafana/panels/cpu_usage_tasks_zombies_graph.json.jinja +++ /dev/null @@ -1,124 +0,0 @@ -{ - "id": 69004, - "gridPos": { - "x": {{ PANELS.cpu_usage_tasks_zombies_graph.gridPos.x }}, - "y": {{ PANELS.cpu_usage_tasks_zombies_graph.gridPos.y }}, - "w": {{ PANELS.cpu_usage_tasks_zombies_graph.gridPos.w }}, - "h": {{ PANELS.cpu_usage_tasks_zombies_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "CPU Tasks Zombies", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "short", - "min": 0, - "decimals": 1 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host $tag_role", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(zombies) as zombies FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host, role ORDER BY asc", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "timeFrom": null, - "timeShift": null, - "interval": "30s" -} diff --git a/salt/grafana/panels/disk_io_bytes_graph.json.jinja b/salt/grafana/panels/disk_io_bytes_graph.json.jinja deleted file mode 100644 index 4b9c4c7ff..000000000 --- a/salt/grafana/panels/disk_io_bytes_graph.json.jinja +++ /dev/null @@ -1,189 +0,0 @@ -{ - "id": 60200, - "gridPos": { - "x": {{ PANELS.disk_io_bytes_graph.gridPos.x }}, - "y": {{ PANELS.disk_io_bytes_graph.gridPos.y }}, - "w": {{ PANELS.disk_io_bytes_graph.gridPos.w }}, - "h": {{ PANELS.disk_io_bytes_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Disk I/O bytes for /dev/$disk", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "links": [], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "links": [], - "unit": "bytes", - "decimals": 1 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "bottom", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_name: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "io_reads", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(read_bytes),1s) as \"read\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_name: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "io_reads", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(write_bytes),1s) as \"write\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", - "rawQuery": true, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "scopedVars": { - "disk": { - "text": "sda", - "value": "sda", - "selected": false - } - }, - "maxDataPoints": null, - "repeat": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/disk_io_requests_graph.json.jinja b/salt/grafana/panels/disk_io_requests_graph.json.jinja deleted file mode 100644 index a3f95772c..000000000 --- a/salt/grafana/panels/disk_io_requests_graph.json.jinja +++ /dev/null @@ -1,190 +0,0 @@ -{ - "id": 13782, - "gridPos": { - "x": {{ PANELS.disk_io_requests_graph.gridPos.x }}, - "y": {{ PANELS.disk_io_requests_graph.gridPos.y }}, - "w": {{ PANELS.disk_io_requests_graph.gridPos.w }}, - "h": {{ PANELS.disk_io_requests_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Disk I/O requests for /dev/$disk", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "links": [], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "links": [], - "unit": "iops", - "decimals": 1 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "bottom", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_name: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "io_reads", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(reads),1s) as \"read\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [], - "hide": false - }, - { - "alias": "$tag_host: $tag_name: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "io_reads", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(writes),1s) as \"write\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", - "rawQuery": true, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "scopedVars": { - "disk": { - "text": "sda", - "value": "sda", - "selected": false - } - }, - "maxDataPoints": null, - "repeat": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/disk_io_time_graph.json.jinja b/salt/grafana/panels/disk_io_time_graph.json.jinja deleted file mode 100644 index fa7c7b51e..000000000 --- a/salt/grafana/panels/disk_io_time_graph.json.jinja +++ /dev/null @@ -1,189 +0,0 @@ -{ - "id": 56720, - "gridPos": { - "x": {{ PANELS.disk_io_time_graph.gridPos.x }}, - "y": {{ PANELS.disk_io_time_graph.gridPos.y }}, - "w": {{ PANELS.disk_io_time_graph.gridPos.w }}, - "h": {{ PANELS.disk_io_time_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Disk I/O time for /dev/$disk", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "links": [], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "links": [], - "unit": "ms", - "decimals": 1 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "bottom", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_name: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "io_reads", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(read_time),1s) as \"read\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_name: $col", - "dsType": "influxdb", - "function": "mean", - "groupBy": [ - { - "interval": "auto", - "params": [ - "auto" - ], - "type": "time" - }, - { - "key": "host", - "params": [ - "tag" - ], - "type": "tag" - }, - { - "key": "path", - "params": [ - "tag" - ], - "type": "tag" - } - ], - "measurement": "io_reads", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(write_time),1s) as \"write\" FROM \"diskio\" WHERE \"host\" =~ /$servername$/ AND \"name\" =~ /$disk$/ AND $timeFilter GROUP BY time($__interval), *", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "scopedVars": { - "disk": { - "text": "sda", - "value": "sda", - "selected": false - } - }, - "maxDataPoints": null, - "repeat": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/disk_usage_nsm_graph.json.jinja b/salt/grafana/panels/disk_usage_nsm_graph.json.jinja deleted file mode 100644 index 90212b681..000000000 --- a/salt/grafana/panels/disk_usage_nsm_graph.json.jinja +++ /dev/null @@ -1,211 +0,0 @@ -{ - "id": 68888, - "gridPos": { - "x": {{ PANELS.disk_usage_nsm_graph.gridPos.x }}, - "y": {{ PANELS.disk_usage_nsm_graph.gridPos.y }}, - "w": {{ PANELS.disk_usage_nsm_graph.gridPos.w }}, - "h": {{ PANELS.disk_usage_nsm_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Disk Usage /nsm", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "bottom", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: mountpoint $tag_path - $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/nsm' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\"", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: mountpoint $tag_path - $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(mean_total) AS \"trend_total\", mean(mean_used) as \"trend_used\" FROM \"so_long_term\".\"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/nsm' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\" fill(linear)", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "bytes", - "min": 0, - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/total/" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#C4162A", - "mode": "fixed" - } - }, - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 2 - } - ] - }, - { - "matcher": { - "id": "byRegexp", - "options": "/trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - } - ] - }, - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/disk_usage_nsm_percent_graph.json.jinja b/salt/grafana/panels/disk_usage_nsm_percent_graph.json.jinja deleted file mode 100644 index 7486b29d9..000000000 --- a/salt/grafana/panels/disk_usage_nsm_percent_graph.json.jinja +++ /dev/null @@ -1,149 +0,0 @@ -{ - "id": 47230, - "gridPos": { - "x": {{ PANELS.disk_usage_nsm_percent_graph.gridPos.x }}, - "y": {{ PANELS.disk_usage_nsm_percent_graph.gridPos.y }}, - "w": {{ PANELS.disk_usage_nsm_percent_graph.gridPos.w }}, - "h": {{ PANELS.disk_usage_nsm_percent_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Disk Usage /nsm", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "percent", - "decimals": 1, - "min": 0, - "max": 100 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host $tag_role", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "role" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/nsm' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\"", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - } - ], - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/disk_usage_root_graph.json.jinja b/salt/grafana/panels/disk_usage_root_graph.json.jinja deleted file mode 100644 index 07ac20bbe..000000000 --- a/salt/grafana/panels/disk_usage_root_graph.json.jinja +++ /dev/null @@ -1,211 +0,0 @@ -{ - "id": 61880, - "gridPos": { - "x": {{ PANELS.disk_usage_root_graph.gridPos.x }}, - "y": {{ PANELS.disk_usage_root_graph.gridPos.y }}, - "w": {{ PANELS.disk_usage_root_graph.gridPos.w }}, - "h": {{ PANELS.disk_usage_root_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Disk Usage /", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "bottom", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: mountpoint $tag_path - $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\"", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: mountpoint $tag_path - $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(mean_total) AS \"trend_total\", mean(mean_used) as \"trend_used\" FROM \"so_long_term\".\"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\" fill(linear)", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "stepAfter", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "bytes", - "min": 0, - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/total/" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#C4162A", - "mode": "fixed" - } - }, - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 2 - } - ] - }, - { - "matcher": { - "id": "byRegexp", - "options": "/trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - } - ] - }, - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/disk_usage_root_percent_graph.json.jinja b/salt/grafana/panels/disk_usage_root_percent_graph.json.jinja deleted file mode 100644 index 90cc3ff9b..000000000 --- a/salt/grafana/panels/disk_usage_root_percent_graph.json.jinja +++ /dev/null @@ -1,149 +0,0 @@ -{ - "id": 67830, - "gridPos": { - "x": {{ PANELS.disk_usage_root_percent_graph.gridPos.x }}, - "y": {{ PANELS.disk_usage_root_percent_graph.gridPos.y }}, - "w": {{ PANELS.disk_usage_root_percent_graph.gridPos.w }}, - "h": {{ PANELS.disk_usage_root_percent_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Disk Usage /", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "percent", - "decimals": 1, - "min": 0, - "max": 100 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host $tag_role", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "role" - ], - "type": "tag" - }, - { - "params": [ - "none" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(total) AS \"total\", mean(used) as \"used\" FROM \"disk\" WHERE \"host\" =~ /$servername$/ AND \"path\" = '/' AND $timeFilter GROUP BY time($__interval), \"host\", \"path\"", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - } - ], - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/elasticsearch_document_count_graph.json.jinja b/salt/grafana/panels/elasticsearch_document_count_graph.json.jinja deleted file mode 100644 index fd296aeb1..000000000 --- a/salt/grafana/panels/elasticsearch_document_count_graph.json.jinja +++ /dev/null @@ -1,193 +0,0 @@ -{ - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "gridPos": { - "x": {{ PANELS.elasticsearch_document_count_graph.gridPos.x }}, - "y": {{ PANELS.elasticsearch_document_count_graph.gridPos.y }}, - "w": {{ PANELS.elasticsearch_document_count_graph.gridPos.w }}, - "h": {{ PANELS.elasticsearch_document_count_graph.gridPos.h }} - }, - "id": 33, - "links": [], - "maxDataPoints": 750, - "nullPointMode": "connected", - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "docs_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ], - "alias": "Document Count Current" - }, - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_docs_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ], - "alias": "Document Count Trend", - "hide": false - } - ], - "thresholds": [], - "title": "Document Count", - "type": "graph", - "options": { - "alertThreshold": true - }, - "interval": "30s", - "pluginVersion": "7.5.4", - "renderer": "flot", - "yaxes": [ - { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "short", - "$$hashKey": "object:678" - }, - { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "short", - "$$hashKey": "object:679" - } - ], - "xaxis": { - "show": true, - "mode": "time", - "name": null, - "values": [], - "buckets": null - }, - "yaxis": { - "align": false, - "alignLevel": null - }, - "lines": true, - "fill": 1, - "linewidth": 1, - "dashLength": 10, - "spaceLength": 10, - "pointradius": 2, - "legend": { - "show": true, - "values": true, - "min": false, - "max": false, - "current": true, - "total": false, - "avg": false, - "alignAsTable": true, - "rightSide": false - }, - "tooltip": { - "value_type": "individual", - "shared": true, - "sort": 0 - }, - "aliasColors": {}, - "seriesOverrides": [ - { - "$$hashKey": "object:1050", - "alias": "/Trend/", - "fill": 0, - "linewidth": 4, - "dashes": true, - "dashLength": 4 - } - ], - "timeRegions": [], - "cacheTimeout": null, - "fillGradient": 0, - "dashes": false, - "hiddenSeries": false, - "points": false, - "bars": false, - "stack": false, - "percentage": false, - "steppedLine": false, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja b/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja deleted file mode 100644 index aee84c813..000000000 --- a/salt/grafana/panels/elasticsearch_field_data_cache_size_graph.json.jinja +++ /dev/null @@ -1,191 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "maxDataPoints": 750, - "interval": "30s", - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "x": {{ PANELS.elasticsearch_field_data_cache_size_graph.gridPos.x }}, - "y": {{ PANELS.elasticsearch_field_data_cache_size_graph.gridPos.y }}, - "w": {{ PANELS.elasticsearch_field_data_cache_size_graph.gridPos.w }}, - "h": {{ PANELS.elasticsearch_field_data_cache_size_graph.gridPos.h }} - }, - "hiddenSeries": false, - "id": 6363, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "fielddata_memory_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Size Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_fielddata_memory_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Fielddata Cache Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/elasticsearch_ingest_performance_nontc_graph.json.jinja b/salt/grafana/panels/elasticsearch_ingest_performance_nontc_graph.json.jinja deleted file mode 100644 index 0166ae4b6..000000000 --- a/salt/grafana/panels/elasticsearch_ingest_performance_nontc_graph.json.jinja +++ /dev/null @@ -1,796 +0,0 @@ -{ - "id": 445549, - "gridPos": { - "x": {{ PANELS.elasticsearch_ingest_performance_nontc_graph.gridPos.x }}, - "y": {{ PANELS.elasticsearch_ingest_performance_nontc_graph.gridPos.y }}, - "w": {{ PANELS.elasticsearch_ingest_performance_nontc_graph.gridPos.w }}, - "h": {{ PANELS.elasticsearch_ingest_performance_nontc_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Elastic Ingest Performance - $searchnode", - "repeat": "searchnode", - "repeatDirection": "v", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "decimals": 0, - "unit": "ms" - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "multi" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean" - ] - } - }, - "targets": [ - { - "alias": "community.id_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_community_id_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "conditionals_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_conditional_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "convert_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_convert_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "data.index.name_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_date_index_name_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "data_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_date_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "dissect_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_dissect_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "dot.expander_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "I", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_dot_expander_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "geoip_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "K", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_geoip_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "grok_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "L", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_grok_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "json_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "O", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_json_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "kv_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "P", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_kv_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "lowercase_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "Q", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_lowercase_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "remove_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "R", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_remove_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "rename_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "S", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_rename_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "script_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "T", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_script_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "url_decodes", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"role\" = 'manager') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "U", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_user_agent_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - } - ], - "description": "", - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/elasticsearch_ingest_performance_tc_graph.json.jinja b/salt/grafana/panels/elasticsearch_ingest_performance_tc_graph.json.jinja deleted file mode 100644 index aaf997836..000000000 --- a/salt/grafana/panels/elasticsearch_ingest_performance_tc_graph.json.jinja +++ /dev/null @@ -1,793 +0,0 @@ -{ - "id": 445548, - "gridPos": { - "x": {{ PANELS.elasticsearch_ingest_performance_tc_graph.gridPos.x }}, - "y": {{ PANELS.elasticsearch_ingest_performance_tc_graph.gridPos.y }}, - "w": {{ PANELS.elasticsearch_ingest_performance_tc_graph.gridPos.w }}, - "h": {{ PANELS.elasticsearch_ingest_performance_tc_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Elastic Ingest Performance", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "options": { - "tooltip": { - "mode": "multi" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean" - ] - } - }, - "targets": [ - { - "alias": "community.id_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ingest_processor_stats_community_id_time_in_millis" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - }, - { - "alias": "conditionals_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ingest_processor_stats_conditional_time_in_millis" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - }, - { - "alias": "convert_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ingest_processor_stats_convert_time_in_millis" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - }, - { - "alias": "data.index.name_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "F", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ingest_processor_stats_date_index_name_time_in_millis" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - }, - { - "alias": "data_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "G", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ingest_processor_stats_date_time_in_millis" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - }, - { - "alias": "dissect_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "H", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ingest_processor_stats_dissect_time_in_millis" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - }, - { - "alias": "dot.expander_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "I", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ingest_processor_stats_dot_expander_time_in_millis" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - }, - { - "alias": "geoip_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "K", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ingest_processor_stats_geoip_time_in_millis" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - }, - { - "alias": "grok_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "L", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ingest_processor_stats_grok_time_in_millis" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - }, - { - "alias": "json_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "O", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ingest_processor_stats_json_time_in_millis" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - }, - { - "alias": "kv_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "P", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ingest_processor_stats_kv_time_in_millis" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - }, - { - "alias": "lowercase_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "Q", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ingest_processor_stats_lowercase_time_in_millis" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - }, - { - "alias": "remove_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "R", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ingest_processor_stats_remove_time_in_millis" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - }, - { - "alias": "rename_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "S", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ingest_processor_stats_rename_time_in_millis" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - }, - { - "alias": "script_time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "T", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ingest_processor_stats_script_time_in_millis" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - }, - { - "alias": "url_decodes", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_difference(mode(\"ingest_processor_stats_date_index_name_time_in_millis\")) FROM \"elasticsearch_clusterstats_nodes\" WHERE (\"cluster_name\" = '$cluster_name') AND $timeFilter GROUP BY time($__interval) fill(linear)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "U", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "ingest_processor_stats_user_agent_time_in_millis" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [], - "type": "non_negative_difference" - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - } - ], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "ms" - }, - "overrides": [] - }, - "description": "", - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/elasticsearch_pipeline_time_nontc_graph.json.jinja b/salt/grafana/panels/elasticsearch_pipeline_time_nontc_graph.json.jinja deleted file mode 100644 index 2920ef314..000000000 --- a/salt/grafana/panels/elasticsearch_pipeline_time_nontc_graph.json.jinja +++ /dev/null @@ -1,153 +0,0 @@ -{ - "id": 445552, - "gridPos": { - "x": {{ PANELS.elasticsearch_pipeline_time_nontc_graph.gridPos.x }}, - "y": {{ PANELS.elasticsearch_pipeline_time_nontc_graph.gridPos.y }}, - "w": {{ PANELS.elasticsearch_pipeline_time_nontc_graph.gridPos.w }}, - "h": {{ PANELS.elasticsearch_pipeline_time_nontc_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Pipeline Time", - "datasource": "InfluxDB", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "ms" - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "multi" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean" - ] - } - }, - "targets": [ - { - "alias": "$tag_host", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_pipeline_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "role", - "operator": "=~", - "value": "/search/" - }, - { - "key": "role", - "value": "heavynode", - "operator": "=", - "condition": "OR" - }, - { - "key": "role", - "value": "standalone", - "operator": "=", - "condition": "OR" - }, - { - "key": "role", - "value": "eval", - "operator": "=", - "condition": "OR" - } - ] - } - ] -} - - - - - - - diff --git a/salt/grafana/panels/elasticsearch_pipeline_time_tc_graph.json.jinja b/salt/grafana/panels/elasticsearch_pipeline_time_tc_graph.json.jinja deleted file mode 100644 index 42ac51038..000000000 --- a/salt/grafana/panels/elasticsearch_pipeline_time_tc_graph.json.jinja +++ /dev/null @@ -1,129 +0,0 @@ -{ - "id": 445552, - "gridPos": { - "x": {{ PANELS.elasticsearch_pipeline_time_tc_graph.gridPos.x }}, - "y": {{ PANELS.elasticsearch_pipeline_time_tc_graph.gridPos.y }}, - "w": {{ PANELS.elasticsearch_pipeline_time_tc_graph.gridPos.w }}, - "h": {{ PANELS.elasticsearch_pipeline_time_tc_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Pipeline Time", - "datasource": "InfluxDB", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "ms" - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "multi" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean" - ] - } - }, - "targets": [ - { - "alias": "Time", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_clusterstats_nodes", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "ingest_processor_stats_pipeline_time_in_millis" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_difference", - "params": [] - } - ] - ], - "tags": [ - { - "key": "cluster_name", - "operator": "=", - "value": "$cluster_name" - } - ] - } - ] -} - - - - - - - diff --git a/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja b/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja deleted file mode 100644 index 554809b5c..000000000 --- a/salt/grafana/panels/elasticsearch_store_size_graph.json.jinja +++ /dev/null @@ -1,195 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "maxDataPoints": 750, - "interval": "30s", - "cacheTimeout": null, - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "x": {{ PANELS.elasticsearch_store_size_graph.gridPos.x }}, - "y": {{ PANELS.elasticsearch_store_size_graph.gridPos.y }}, - "w": {{ PANELS.elasticsearch_store_size_graph.gridPos.w }}, - "h": {{ PANELS.elasticsearch_store_size_graph.gridPos.h }} - }, - "hiddenSeries": false, - "id": 63442, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "hideEmpty": true, - "max": false, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "links": [], - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Size Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_indices", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_store_size_in_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Store Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja b/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja deleted file mode 100644 index e1d8edd98..000000000 --- a/salt/grafana/panels/elasticsearch_thread_count_graph.json.jinja +++ /dev/null @@ -1,192 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "maxDataPoints": 750, - "interval": "30s", - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "x": {{ PANELS.elasticsearch_thread_count_graph.gridPos.x }}, - "y": {{ PANELS.elasticsearch_thread_count_graph.gridPos.y }}, - "w": {{ PANELS.elasticsearch_thread_count_graph.gridPos.w }}, - "h": {{ PANELS.elasticsearch_thread_count_graph.gridPos.h }} - }, - "hiddenSeries": false, - "id": 56565, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Count Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "threads_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Count Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "elasticsearch_jvm", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_threads_count" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Thread Count", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 0, - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/influxdb_db_size_graph.json.jinja b/salt/grafana/panels/influxdb_db_size_graph.json.jinja deleted file mode 100644 index 71d636fe9..000000000 --- a/salt/grafana/panels/influxdb_db_size_graph.json.jinja +++ /dev/null @@ -1,191 +0,0 @@ -{ - "aliasColors": {}, - "bars": false, - "maxDataPoints": 750, - "interval": "30s", - "dashLength": 10, - "dashes": false, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "links": [] - }, - "overrides": [] - }, - "fill": 1, - "fillGradient": 0, - "gridPos": { - "x": {{ PANELS.influxdb_db_size_graph.gridPos.x }}, - "y": {{ PANELS.influxdb_db_size_graph.gridPos.y }}, - "w": {{ PANELS.influxdb_db_size_graph.gridPos.w }}, - "h": {{ PANELS.influxdb_db_size_graph.gridPos.h }} - }, - "hiddenSeries": false, - "id": 69, - "legend": { - "alignAsTable": true, - "avg": true, - "current": true, - "hideEmpty": true, - "max": true, - "min": false, - "rightSide": false, - "show": true, - "sort": "current", - "sortDesc": true, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "percentage": false, - "pluginVersion": "7.5.4", - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [ - { - "alias": "/Trend/", - "dashLength": 4, - "dashes": true, - "fill": 0, - "linewidth": 4 - } - ], - "spaceLength": 10, - "stack": false, - "steppedLine": false, - "targets": [ - { - "alias": "Size Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "influxsize", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "kbytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - }, - { - "alias": "Size Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "influxsize", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_kbytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "InfluxDB Database Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "deckbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } -} diff --git a/salt/grafana/panels/io_wait_graph.json.jinja b/salt/grafana/panels/io_wait_graph.json.jinja deleted file mode 100644 index 9447563ec..000000000 --- a/salt/grafana/panels/io_wait_graph.json.jinja +++ /dev/null @@ -1,148 +0,0 @@ -{ - "id": 69011, - "gridPos": { - "x": {{ PANELS.io_wait_graph.gridPos.x }}, - "y": {{ PANELS.io_wait_graph.gridPos.y }}, - "w": {{ PANELS.io_wait_graph.gridPos.w }}, - "h": {{ PANELS.io_wait_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "IO Wait", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "percent", - "min": 0, - "decimals": 1 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host $tag_role", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "role" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "description": "", - "timeFrom": null, - "timeShift": null, - "interval": "30s" -} diff --git a/salt/grafana/panels/io_wait_stat.json.jinja b/salt/grafana/panels/io_wait_stat.json.jinja deleted file mode 100644 index 4fe4a3d8e..000000000 --- a/salt/grafana/panels/io_wait_stat.json.jinja +++ /dev/null @@ -1,125 +0,0 @@ -{ - "id": 61867, - "gridPos": { - "x": {{ PANELS.io_wait_stat.gridPos.x }}, - "y": {{ PANELS.io_wait_stat.gridPos.y }}, - "w": {{ PANELS.io_wait_stat.gridPos.w }}, - "h": {{ PANELS.io_wait_stat.gridPos.h }} - }, - "type": "stat", - "title": "IOWait", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "links": [], - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "dark-green", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 40 - }, - { - "color": "dark-red", - "value": 50 - } - ] - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "color": { - "mode": "thresholds" - }, - "decimals": 2, - "max": 100, - "min": 0, - "unit": "percent" - }, - "overrides": [] - }, - "interval": "30", - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "fields": "" - }, - "orientation": "horizontal", - "text": {}, - "textMode": "auto", - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto" - }, - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "cpu", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"usage_iowait\"), 1s) FROM \"cpu\" WHERE (host =~ /$servername$/ AND \"cpu\" = 'cpu-total') AND $timeFilter GROUP BY time($interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_iowait" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "cpu", - "operator": "=", - "value": "cpu-total" - } - ] - } - ], - "maxDataPoints": null, - "cacheTimeout": null -} diff --git a/salt/grafana/panels/load_average_5_minute_stat.json.jinja b/salt/grafana/panels/load_average_5_minute_stat.json.jinja deleted file mode 100644 index 8198a8d19..000000000 --- a/salt/grafana/panels/load_average_5_minute_stat.json.jinja +++ /dev/null @@ -1,118 +0,0 @@ -{ - "id": 61859, - "gridPos": { - "x": {{ PANELS.load_average_5_minute_stat.gridPos.x }}, - "y": {{ PANELS.load_average_5_minute_stat.gridPos.y }}, - "w": {{ PANELS.load_average_5_minute_stat.gridPos.w }}, - "h": {{ PANELS.load_average_5_minute_stat.gridPos.h }} - }, - "type": "stat", - "title": "5 Minute Load Average - $cpucount Cores", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30", - "links": [], - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": "$cpucount / 1.5" - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": "$cpucount" - } - ] - }, - "mappings": [ - { - "options": { - "from": null, - "result": { - "text": "N/A" - }, - "to": null - }, - "type": "range" - } - ], - "color": { - "mode": "thresholds" - }, - "decimals": 1, - "unit": "none" - }, - "overrides": [] - }, - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "fields": "" - }, - "orientation": "horizontal", - "text": {}, - "textMode": "auto", - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto" - }, - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT last(\"load5\") FROM \"system\" WHERE (\"host\" = '$servername') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "load5" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "cacheTimeout": null, - "maxDataPoints": null -} diff --git a/salt/grafana/panels/load_averages_graph.json.jinja b/salt/grafana/panels/load_averages_graph.json.jinja deleted file mode 100644 index b92a5ba6c..000000000 --- a/salt/grafana/panels/load_averages_graph.json.jinja +++ /dev/null @@ -1,187 +0,0 @@ -{ - "id": 61869, - "gridPos": { - "x": {{ PANELS.load_averages_graph.gridPos.x }}, - "y": {{ PANELS.load_averages_graph.gridPos.y }}, - "w": {{ PANELS.load_averages_graph.gridPos.w }}, - "h": {{ PANELS.load_averages_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "1 Minute Load Average", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "bottom", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(load1) as \"1 minute\", last(n_cpus) as \"Total Cores\" FROM \"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), * ORDER BY asc", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(mean_load1) as \"trend_1 minute\" FROM \"so_long_term\".\"system\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), * fill(linear) ORDER BY asc", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "short", - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - } - ] - }, - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/logstash_eps_in_out_manager_graph.json.jinja b/salt/grafana/panels/logstash_eps_in_out_manager_graph.json.jinja deleted file mode 100644 index 7812ca0bd..000000000 --- a/salt/grafana/panels/logstash_eps_in_out_manager_graph.json.jinja +++ /dev/null @@ -1,403 +0,0 @@ -{ - "id": 77741, - "gridPos": { - "x": {{ PANELS.logstash_eps_in_out_manager_graph.gridPos.x }}, - "y": {{ PANELS.logstash_eps_in_out_manager_graph.gridPos.y }}, - "w": {{ PANELS.logstash_eps_in_out_manager_graph.gridPos.w }}, - "h": {{ PANELS.logstash_eps_in_out_manager_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Manager Logstash Events", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "description": "Events from the grid to redis", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 50, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "EPS", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "decimals": 2, - "unit": "short" - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/Incoming/" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byRegexp", - "options": "/Outgoing/" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Incoming hidden" - }, - "properties": [ - { - "id": "custom.fillBelowTo", - "value": "Outgoing hidden" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Outgoing hidden" - }, - "properties": [ - { - "id": "custom.fillBelowTo", - "value": "Incoming hidden" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Incoming" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Outgoing" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - } - ] - }, - { - "matcher": { - "id": "byRegexp", - "options": "/hidden/" - }, - "properties": [ - { - "id": "custom.hideFrom", - "value": { - "legend": true, - "tooltip": true, - "viz": false - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "multi" - }, - "legend": { - "displayMode": "table", - "placement": "bottom", - "calcs": [ - "max", - "mean" - ] - } - }, - "targets": [ - { - "alias": "Incoming", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "logstash_events", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "in" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "tags": [ - { - "key": "role", - "operator": "=~", - "value": "/^manager/" - }, - { - "key": "role", - "value": "standalone", - "operator": "=", - "condition": "OR" - }, - { - "key": "role", - "value": "eval", - "operator": "=", - "condition": "OR" - } - ] - }, - { - "alias": "Outgoing", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "logstash_events", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "out" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "tags": [ - { - "key": "role", - "operator": "=~", - "value": "/^manager/" - }, - { - "key": "role", - "value": "standalone", - "operator": "=", - "condition": "OR" - }, - { - "key": "role", - "value": "eval", - "operator": "=", - "condition": "OR" - } - ] - }, - { - "alias": "Incoming hidden", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "logstash_events", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "in" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "tags": [ - { - "key": "role", - "operator": "=~", - "value": "/^manager/" - }, - { - "key": "role", - "value": "standalone", - "operator": "=", - "condition": "OR" - }, - { - "key": "role", - "value": "eval", - "operator": "=", - "condition": "OR" - } - ] - }, - { - "alias": "Outgoing hidden", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - } - ], - "hide": false, - "measurement": "logstash_events", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "out" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "tags": [ - { - "key": "role", - "operator": "=~", - "value": "/^manager/" - }, - { - "key": "role", - "value": "standalone", - "operator": "=", - "condition": "OR" - }, - { - "key": "role", - "value": "eval", - "operator": "=", - "condition": "OR" - } - ] - } - ], - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/logstash_estimated_eps_in_graph.json.jinja b/salt/grafana/panels/logstash_estimated_eps_in_graph.json.jinja deleted file mode 100644 index c1c9ed39a..000000000 --- a/salt/grafana/panels/logstash_estimated_eps_in_graph.json.jinja +++ /dev/null @@ -1,230 +0,0 @@ -{ - "id": 76, - "gridPos": { - "x": {{ PANELS.logstash_estimated_eps_in_graph.gridPos.x }}, - "y": {{ PANELS.logstash_estimated_eps_in_graph.gridPos.y }}, - "w": {{ PANELS.logstash_estimated_eps_in_graph.gridPos.w }}, - "h": {{ PANELS.logstash_estimated_eps_in_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Estimated EPS In", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "EPS", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "short", - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "refId": "A", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "value": "/^$servername$/", - "operator": "=~" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "in" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "measurement": "logstash_events", - "alias": "$tag_host: $col", - "query": "SELECT non_negative_derivative(mean(\"in\"), 1s) as \"current_in\" FROM \"logstash_events\" WHERE (\"host\" =~ /^$servername$/) AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", - "rawQuery": true - }, - { - "refId": "B", - "hide": false, - "policy": "so_long_term", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "value": "/^$servername$/", - "operator": "=~" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "mean_in" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "measurement": "logstash_events", - "alias": "$tag_host: $col", - "query": "SELECT non_negative_derivative(mean(\"mean_in\"), 1s) as \"trend_in\" FROM \"so_long_term\".\"logstash_events\" WHERE (\"host\" =~ /^$servername$/) AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", - "rawQuery": true - } - ], - "maxDataPoints": null, - "description": "", - "timeFrom": null, - "timeShift": null, - "transformations": [] -} diff --git a/salt/grafana/panels/logstash_estimated_eps_in_stat.json.jinja b/salt/grafana/panels/logstash_estimated_eps_in_stat.json.jinja deleted file mode 100644 index f492dd4b9..000000000 --- a/salt/grafana/panels/logstash_estimated_eps_in_stat.json.jinja +++ /dev/null @@ -1,136 +0,0 @@ -{ - "id": 23, - "gridPos": { - "x": {{ PANELS.logstash_estimated_eps_in_stat.gridPos.x }}, - "y": {{ PANELS.logstash_estimated_eps_in_stat.gridPos.y }}, - "w": {{ PANELS.logstash_estimated_eps_in_stat.gridPos.w }}, - "h": {{ PANELS.logstash_estimated_eps_in_stat.gridPos.h }} - }, - "type": "stat", - "title": "Estimated EPS In - Selected Total", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "links": [], - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "dark-red", - "value": null - }, - { - "color": "dark-green", - "value": 1 - } - ] - }, - "mappings": [ - { - "type": "special", - "options": { - "match": "null", - "result": { - "text": "N/A" - } - } - } - ], - "color": { - "mode": "thresholds" - }, - "decimals": 0, - "unit": "short" - }, - "overrides": [] - }, - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "fields": "" - }, - "orientation": "horizontal", - "text": {}, - "textMode": "value", - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto" - }, - "targets": [ - { - "refId": "A", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "value": "/^$servername$/", - "operator": "=~" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "in" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "measurement": "logstash_events" - } - ], - "transformations": [ - { - "id": "calculateField", - "options": { - "mode": "reduceRow", - "reduce": { - "reducer": "sum" - }, - "replaceFields": true - } - } - ], - "maxDataPoints": null, - "cacheTimeout": null, - "timeFrom": null -} diff --git a/salt/grafana/panels/logstash_estimated_eps_in_total_graph.json.jinja b/salt/grafana/panels/logstash_estimated_eps_in_total_graph.json.jinja deleted file mode 100644 index 42399b5ca..000000000 --- a/salt/grafana/panels/logstash_estimated_eps_in_total_graph.json.jinja +++ /dev/null @@ -1,156 +0,0 @@ -{ - "id": 69001, - "gridPos": { - "x": {{ PANELS.logstash_estimated_eps_in_total_graph.gridPos.x }}, - "y": {{ PANELS.logstash_estimated_eps_in_total_graph.gridPos.y }}, - "w": {{ PANELS.logstash_estimated_eps_in_total_graph.gridPos.w }}, - "h": {{ PANELS.logstash_estimated_eps_in_total_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Estimated EPS In - Selected Total", - "transformations": [ - { - "id": "calculateField", - "options": { - "mode": "reduceRow", - "reduce": { - "reducer": "sum" - }, - "replaceFields": true, - "alias": "Total EPS" - } - } - ], - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "EPS", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "short", - "decimals": 1 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "refId": "A", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "value": "/^$servername$/", - "operator": "=~" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "in" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "measurement": "logstash_events", - "query": "SELECT non_negative_derivative(mean(\"in\"), 1s) FROM \"logstash_events\" WHERE (\"host\" =~ /^$servername$/) AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", - "rawQuery": false - } - ], - "maxDataPoints": null, - "description": "", - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/logstash_estimated_eps_out_graph.json.jinja b/salt/grafana/panels/logstash_estimated_eps_out_graph.json.jinja deleted file mode 100644 index 16878ee6e..000000000 --- a/salt/grafana/panels/logstash_estimated_eps_out_graph.json.jinja +++ /dev/null @@ -1,230 +0,0 @@ -{ - "id": 69000, - "gridPos": { - "x": {{ PANELS.logstash_estimated_eps_out_graph.gridPos.x }}, - "y": {{ PANELS.logstash_estimated_eps_out_graph.gridPos.y }}, - "w": {{ PANELS.logstash_estimated_eps_out_graph.gridPos.w }}, - "h": {{ PANELS.logstash_estimated_eps_out_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Estimated EPS Out", - "transformations": [], - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "EPS", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "short", - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "refId": "A", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "value": "/^$servername$/", - "operator": "=~" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "in" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "measurement": "logstash_events", - "alias": "$tag_host: $col", - "query": "SELECT non_negative_derivative(mean(\"out\"), 1s) as \"current_out\" FROM \"logstash_events\" WHERE (\"host\" =~ /^$servername$/) AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", - "rawQuery": true - }, - { - "refId": "B", - "hide": false, - "policy": "so_long_term", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "value": "/^$servername$/", - "operator": "=~" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "mean_in" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "measurement": "logstash_events", - "alias": "$tag_host: $col", - "query": "SELECT non_negative_derivative(mean(\"mean_out\"), 1s) as \"trend_out\" FROM \"so_long_term\".\"logstash_events\" WHERE (\"host\" =~ /^$servername$/) AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", - "rawQuery": true - } - ], - "maxDataPoints": null, - "description": "", - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/logstash_estimated_eps_out_stat.json.jinja b/salt/grafana/panels/logstash_estimated_eps_out_stat.json.jinja deleted file mode 100644 index dc87661f5..000000000 --- a/salt/grafana/panels/logstash_estimated_eps_out_stat.json.jinja +++ /dev/null @@ -1,136 +0,0 @@ -{ - "id": 22323, - "gridPos": { - "x": {{ PANELS.logstash_estimated_eps_out_stat.gridPos.x }}, - "y": {{ PANELS.logstash_estimated_eps_out_stat.gridPos.y }}, - "w": {{ PANELS.logstash_estimated_eps_out_stat.gridPos.w }}, - "h": {{ PANELS.logstash_estimated_eps_out_stat.gridPos.h }} - }, - "type": "stat", - "title": "Estimated EPS Out - Selected Total", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "links": [], - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "dark-red", - "value": null - }, - { - "color": "dark-green", - "value": 1 - } - ] - }, - "mappings": [ - { - "type": "special", - "options": { - "match": "null", - "result": { - "text": "N/A" - } - } - } - ], - "color": { - "mode": "thresholds" - }, - "decimals": 0, - "unit": "short" - }, - "overrides": [] - }, - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "fields": "" - }, - "orientation": "horizontal", - "text": {}, - "textMode": "value", - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto" - }, - "targets": [ - { - "refId": "A", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "value": "/^$servername$/", - "operator": "=~" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "out" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "measurement": "logstash_events" - } - ], - "transformations": [ - { - "id": "calculateField", - "options": { - "mode": "reduceRow", - "reduce": { - "reducer": "sum" - }, - "replaceFields": true - } - } - ], - "maxDataPoints": null, - "cacheTimeout": null, - "timeFrom": null -} diff --git a/salt/grafana/panels/logstash_estimated_eps_out_total_graph.json.jinja b/salt/grafana/panels/logstash_estimated_eps_out_total_graph.json.jinja deleted file mode 100644 index 3d1600c39..000000000 --- a/salt/grafana/panels/logstash_estimated_eps_out_total_graph.json.jinja +++ /dev/null @@ -1,156 +0,0 @@ -{ - "id": 69002, - "gridPos": { - "x": {{ PANELS.logstash_estimated_eps_out_total_graph.gridPos.x }}, - "y": {{ PANELS.logstash_estimated_eps_out_total_graph.gridPos.y }}, - "w": {{ PANELS.logstash_estimated_eps_out_total_graph.gridPos.w }}, - "h": {{ PANELS.logstash_estimated_eps_out_total_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Estimated EPS Out - Selected Total", - "transformations": [ - { - "id": "calculateField", - "options": { - "mode": "reduceRow", - "reduce": { - "reducer": "sum" - }, - "replaceFields": true, - "alias": "Total EPS" - } - } - ], - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "EPS", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "short", - "decimals": 1 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "refId": "A", - "hide": false, - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "value": "/^$servername$/", - "operator": "=~" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "out" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "measurement": "logstash_events", - "query": "SELECT non_negative_derivative(mean(\"in\"), 1s) FROM \"logstash_events\" WHERE (\"host\" =~ /^$servername$/) AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", - "rawQuery": false - } - ], - "maxDataPoints": null, - "description": "", - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/logstash_indexing_eps_in_out_searchnode_graph.json.jinja b/salt/grafana/panels/logstash_indexing_eps_in_out_searchnode_graph.json.jinja deleted file mode 100644 index ab7a569bb..000000000 --- a/salt/grafana/panels/logstash_indexing_eps_in_out_searchnode_graph.json.jinja +++ /dev/null @@ -1,411 +0,0 @@ -{ - "id": 445554, - "gridPos": { - "x": {{ PANELS.logstash_indexing_eps_in_out_searchnode_graph.gridPos.x }}, - "y": {{ PANELS.logstash_indexing_eps_in_out_searchnode_graph.gridPos.y }}, - "w": {{ PANELS.logstash_indexing_eps_in_out_searchnode_graph.gridPos.w }}, - "h": {{ PANELS.logstash_indexing_eps_in_out_searchnode_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Indexing Events Per Second - $searchnode", - "repeat": "searchnode", - "repeatDirection": "v", - "transformations": [], - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 50, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "EPS", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "decimals": 2, - "unit": "short" - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/Incoming/" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byRegexp", - "options": "/Outgoing/" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "green", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Incoming hidden" - }, - "properties": [ - { - "id": "custom.fillBelowTo", - "value": "Outgoing hidden" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Incoming" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Outgoing" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Outgoing hidden" - }, - "properties": [ - { - "id": "custom.fillBelowTo", - "value": "Incoming hidden" - } - ] - }, - { - "matcher": { - "id": "byRegexp", - "options": "/hidden/" - }, - "properties": [ - { - "id": "custom.hideFrom", - "value": { - "legend": true, - "tooltip": true, - "viz": false - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "multi" - }, - "legend": { - "displayMode": "table", - "placement": "bottom", - "calcs": [ - "max", - "mean" - ] - } - }, - "targets": [ - { - "alias": "Incoming", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "logstash_events", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"in\"), 1s) FROM \"logstash_events\" WHERE (\"role\" = \"searchnode\") AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "in" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "Outgoing", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "logstash_events", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"in\"), 1s) FROM \"logstash_events\" WHERE (\"role\" = \"searchnode\") AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", - "rawQuery": false, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "out" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "Incoming hidden", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "logstash_events", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"in\"), 1s) FROM \"logstash_events\" WHERE (\"role\" = \"searchnode\") AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", - "rawQuery": false, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "in" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - }, - { - "alias": "Outgoing hidden", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "logstash_events", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"in\"), 1s) FROM \"logstash_events\" WHERE (\"role\" = \"searchnode\") AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", - "rawQuery": false, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "out" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$searchnode" - } - ] - } - ], - "description": "", - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/logstash_indexing_eps_in_searchnode_total_graph.json.jinja b/salt/grafana/panels/logstash_indexing_eps_in_searchnode_total_graph.json.jinja deleted file mode 100644 index 81876a606..000000000 --- a/salt/grafana/panels/logstash_indexing_eps_in_searchnode_total_graph.json.jinja +++ /dev/null @@ -1,170 +0,0 @@ -{ - "id": 69001, - "gridPos": { - "x": {{ PANELS.logstash_indexing_eps_in_searchnode_total_graph.gridPos.x }}, - "y": {{ PANELS.logstash_indexing_eps_in_searchnode_total_graph.gridPos.y }}, - "w": {{ PANELS.logstash_indexing_eps_in_searchnode_total_graph.gridPos.w }}, - "h": {{ PANELS.logstash_indexing_eps_in_searchnode_total_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Total Searchnode Indexing Events Per Second", - "transformations": [ - { - "id": "calculateField", - "options": { - "alias": "Total EPS", - "mode": "reduceRow", - "reduce": { - "reducer": "sum" - }, - "replaceFields": true - } - } - ], - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "EPS", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "fixed", - "fixedColor": "orange" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "decimals": 2, - "unit": "short" - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "bottom", - "calcs": [ - "max", - "mean" - ] - } - }, - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "logstash_events", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"in\"), 1s) FROM \"logstash_events\" WHERE (\"role\" = \"searchnode\") AND $timeFilter GROUP BY time($__interval), \"host\" fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "in" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - } - ] - ], - "tags": [ - { - "key": "role", - "operator": "=~", - "value": "/search/" - }, - { - "key": "role", - "value": "heavynode", - "operator": "=", - "condition": "OR" - }, - { - "key": "role", - "value": "standalone", - "operator": "=", - "condition": "OR" - }, - { - "key": "role", - "value": "eval", - "operator": "=", - "condition": "OR" - } - ] - } - ], - "description": "", - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/management_interface_drops_graph.json.jinja b/salt/grafana/panels/management_interface_drops_graph.json.jinja deleted file mode 100644 index 9de6c8f19..000000000 --- a/salt/grafana/panels/management_interface_drops_graph.json.jinja +++ /dev/null @@ -1,282 +0,0 @@ -{ - "id": 61877, - "gridPos": { - "x": {{ PANELS.management_interface_drops_graph.gridPos.x }}, - "y": {{ PANELS.management_interface_drops_graph.gridPos.y }}, - "w": {{ PANELS.management_interface_drops_graph.gridPos.w }}, - "h": {{ PANELS.management_interface_drops_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Management Interface Drops", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "maxDataPoints": 750, - "interval": "30s", - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "bottom", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(mean_drop_in), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(mean_drop_out), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", - "rawQuery": true, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "Drops per second", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "pps", - "min": 0, - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - }, - { - "matcher": { - "id": "byRegexp", - "options": "/veth/" - }, - "properties": [ - { - "id": "custom.hideFrom", - "value": { - "tooltip": true, - "viz": true, - "legend": true - } - } - ] - } - ] - }, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/management_interface_drops_inbound_graph.json.jinja b/salt/grafana/panels/management_interface_drops_inbound_graph.json.jinja deleted file mode 100644 index 1ca096743..000000000 --- a/salt/grafana/panels/management_interface_drops_inbound_graph.json.jinja +++ /dev/null @@ -1,142 +0,0 @@ -{ - "id": 61877, - "gridPos": { - "x": {{ PANELS.management_interface_drops_inbound_graph.gridPos.x }}, - "y": {{ PANELS.management_interface_drops_inbound_graph.gridPos.y }}, - "w": {{ PANELS.management_interface_drops_inbound_graph.gridPos.w }}, - "h": {{ PANELS.management_interface_drops_inbound_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Management Interface Drops - Inbound", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "Drops per second", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "pps", - "min": 0, - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/veth/" - }, - "properties": [ - { - "id": "custom.hideFrom", - "value": { - "tooltip": true, - "viz": true, - "legend": true - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_role", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,role fill(none)", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/management_interface_drops_outbound_graph.json.jinja b/salt/grafana/panels/management_interface_drops_outbound_graph.json.jinja deleted file mode 100644 index 91fcb5b22..000000000 --- a/salt/grafana/panels/management_interface_drops_outbound_graph.json.jinja +++ /dev/null @@ -1,142 +0,0 @@ -{ - "id": 188189, - "gridPos": { - "x": {{ PANELS.management_interface_drops_outbound_graph.gridPos.x }}, - "y": {{ PANELS.management_interface_drops_outbound_graph.gridPos.y }}, - "w": {{ PANELS.management_interface_drops_outbound_graph.gridPos.w }}, - "h": {{ PANELS.management_interface_drops_outbound_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Management Interface Drops - Outbound", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "Drops per second", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "pps", - "min": 0, - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/veth/" - }, - "properties": [ - { - "id": "custom.hideFrom", - "value": { - "tooltip": true, - "viz": true, - "legend": true - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_role", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), host,role fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/management_interface_packets_graph.json.jinja b/salt/grafana/panels/management_interface_packets_graph.json.jinja deleted file mode 100644 index b3e429f2f..000000000 --- a/salt/grafana/panels/management_interface_packets_graph.json.jinja +++ /dev/null @@ -1,283 +0,0 @@ -{ - "id": 61875, - "gridPos": { - "x": {{ PANELS.management_interface_packets_graph.gridPos.x }}, - "y": {{ PANELS.management_interface_packets_graph.gridPos.y }}, - "w": {{ PANELS.management_interface_packets_graph.gridPos.w }}, - "h": {{ PANELS.management_interface_packets_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Management Interface Packets", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "bottom", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [], - "hide": false - }, - { - "alias": "$tag_host: $tag_interface: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(mean_packets_recv), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(mean_packets_sent), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$manint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", - "rawQuery": true, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "Packets per second", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "pps", - "min": 0, - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - }, - { - "matcher": { - "id": "byRegexp", - "options": "/veth/" - }, - "properties": [ - { - "id": "custom.hideFrom", - "value": { - "tooltip": true, - "viz": true, - "legend": true - } - } - ] - } - ] - }, - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/management_interface_traffic_both_graph.json.jinja b/salt/grafana/panels/management_interface_traffic_both_graph.json.jinja deleted file mode 100644 index e15bef885..000000000 --- a/salt/grafana/panels/management_interface_traffic_both_graph.json.jinja +++ /dev/null @@ -1,409 +0,0 @@ -{ - "id": 18, - "gridPos": { - "x": {{ PANELS.management_interface_traffic_both_graph.gridPos.x }}, - "y": {{ PANELS.management_interface_traffic_both_graph.gridPos.y }}, - "w": {{ PANELS.management_interface_traffic_both_graph.gridPos.w }}, - "h": {{ PANELS.management_interface_traffic_both_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Management Interface Traffic ", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "links": [], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 2, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "links": [], - "unit": "bps", - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/Trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "dash": [ - 4, - 10 - ], - "fill": "dash" - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_interface: RX Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "interface" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=~", - "value": "/^$manint$/" - } - ] - }, - { - "alias": "$tag_host: $tag_interface: TX Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "interface" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=~", - "value": "/^$manint$/" - } - ] - }, - { - "alias": "$tag_host: $tag_interface: RX Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "interface" - ], - "type": "tag" - }, - { - "params": [ - "linear" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=~", - "value": "/^$manint$/" - } - ] - }, - { - "alias": "$tag_host: $tag_interface: TX Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "interface" - ], - "type": "tag" - }, - { - "params": [ - "linear" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=~", - "value": "/^$manint$/" - } - ] - } - ], - "description": "", - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja b/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja deleted file mode 100644 index 3f876a18d..000000000 --- a/salt/grafana/panels/management_interface_traffic_inbound_graph.json.jinja +++ /dev/null @@ -1,164 +0,0 @@ -{ - "id": 18, - "gridPos": { - "x": {{ PANELS.management_interface_traffic_inbound_graph.gridPos.x }}, - "y": {{ PANELS.management_interface_traffic_inbound_graph.gridPos.y }}, - "w": {{ PANELS.management_interface_traffic_inbound_graph.gridPos.w }}, - "h": {{ PANELS.management_interface_traffic_inbound_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Management Interface Traffic - Inbound", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "links": [], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 2, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "links": [], - "unit": "bps", - "decimals": 1, - "min": 0 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host $tag_role", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "role" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"bytes_recv\"), 1s) *8 FROM \"net\" WHERE (\"host\" = '$servername' AND \"interface\" = '$manint') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=~", - "value": "/^$manint$/" - } - ] - } - ], - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja b/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja deleted file mode 100644 index 48817d448..000000000 --- a/salt/grafana/panels/management_interface_traffic_outbound_graph.json.jinja +++ /dev/null @@ -1,162 +0,0 @@ -{ - "id": 69014, - "gridPos": { - "x": {{ PANELS.management_interface_traffic_outbound_graph.gridPos.x }}, - "y": {{ PANELS.management_interface_traffic_outbound_graph.gridPos.y }}, - "w": {{ PANELS.management_interface_traffic_outbound_graph.gridPos.w }}, - "h": {{ PANELS.management_interface_traffic_outbound_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Management Interface Traffic - Outbound", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "links": [], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 2, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "links": [], - "unit": "bps", - "decimals": 1, - "min": 0 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host $tag_role", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "role" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_sent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=~", - "value": "/^$manint$/" - } - ] - } - ], - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/memory_usage_graph.json.jinja b/salt/grafana/panels/memory_usage_graph.json.jinja deleted file mode 100644 index 662eb18c1..000000000 --- a/salt/grafana/panels/memory_usage_graph.json.jinja +++ /dev/null @@ -1,208 +0,0 @@ -{ - "id": 61873, - "gridPos": { - "x": {{ PANELS.memory_usage_graph.gridPos.x }}, - "y": {{ PANELS.memory_usage_graph.gridPos.y }}, - "w": {{ PANELS.memory_usage_graph.gridPos.w }}, - "h": {{ PANELS.memory_usage_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Memory Usage", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(total) as total, mean(used) as used, mean(cached) as cached, mean(free) as free, mean(buffered) as buffered FROM \"mem\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(mean_total) as trend_total, mean(mean_used) as trend_used, mean(mean_cached) as trend_cached, mean(mean_free) as trend_free, mean(mean_buffered) as trend_buffered FROM \"so_long_term\".\"mem\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host fill(linear) ORDER BY asc", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "bytes", - "min": 0, - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/total/" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#C4162A", - "mode": "fixed" - } - }, - { - "id": "custom.fillOpacity", - "value": 0 - } - ] - }, - { - "matcher": { - "id": "byRegexp", - "options": "/trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - } - ] - }, - "maxDataPoints": null, - "description": "", - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/memory_usage_percent_graph.json.jinja b/salt/grafana/panels/memory_usage_percent_graph.json.jinja deleted file mode 100644 index 620c3ea72..000000000 --- a/salt/grafana/panels/memory_usage_percent_graph.json.jinja +++ /dev/null @@ -1,139 +0,0 @@ -{ - "id": 69013, - "gridPos": { - "x": {{ PANELS.memory_usage_percent_graph.gridPos.x }}, - "y": {{ PANELS.memory_usage_percent_graph.gridPos.y }}, - "w": {{ PANELS.memory_usage_percent_graph.gridPos.w }}, - "h": {{ PANELS.memory_usage_percent_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Memory Usage", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host $tag_role", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "role" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ] - } - ], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "percent", - "min": 0, - "decimals": 1 - }, - "overrides": [] - }, - "interval": "30s", - "description": "", - "timeFrom": null, - "timeShift": null, - "maxDataPoints": null -} diff --git a/salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja b/salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja deleted file mode 100644 index 8a5ee72ce..000000000 --- a/salt/grafana/panels/memory_used_docker_combined_current_graph.json.jinja +++ /dev/null @@ -1,143 +0,0 @@ -{ - "id": 102, - "gridPos": { - "x": {{ PANELS.memory_used_docker_combined_current_graph.gridPos.x }}, - "y": {{ PANELS.memory_used_docker_combined_current_graph.gridPos.y }}, - "w": {{ PANELS.memory_used_docker_combined_current_graph.gridPos.w }}, - "h": {{ PANELS.memory_used_docker_combined_current_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Container Memory Usage Current", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_container_name", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "container_name" - ], - "type": "tag" - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "usage_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=~", - "value": "/^$containers$/" - } - ] - } - ], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "percent", - "decimals": 1 - }, - "overrides": [] - }, - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja deleted file mode 100644 index fb3aa402c..000000000 --- a/salt/grafana/panels/memory_used_docker_combined_trend_graph.json.jinja +++ /dev/null @@ -1,143 +0,0 @@ -{ - "id": 103, - "gridPos": { - "x": {{ PANELS.memory_used_docker_combined_trend_graph.gridPos.x }}, - "y": {{ PANELS.memory_used_docker_combined_trend_graph.gridPos.y }}, - "w": {{ PANELS.memory_used_docker_combined_trend_graph.gridPos.w }}, - "h": {{ PANELS.memory_used_docker_combined_trend_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Container Memory Usage Trend", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "maxDataPoints": 750, - "interval": "30s", - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_container_name", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "container_name" - ], - "type": "tag" - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_mem", - "orderByTime": "ASC", - "policy": "so_long_term", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "mean_usage_percent" - ] - }, - { - "type": "mean", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=~", - "value": "/^$containers$/" - } - ] - } - ], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": true, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "percent", - "decimals": 1 - }, - "overrides": [] - }, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/monitor_interface_drops_graph.json.jinja b/salt/grafana/panels/monitor_interface_drops_graph.json.jinja deleted file mode 100644 index 993926156..000000000 --- a/salt/grafana/panels/monitor_interface_drops_graph.json.jinja +++ /dev/null @@ -1,282 +0,0 @@ -{ - "id": 61387, - "gridPos": { - "x": {{ PANELS.monitor_interface_drops_graph.gridPos.x }}, - "y": {{ PANELS.monitor_interface_drops_graph.gridPos.y }}, - "w": {{ PANELS.monitor_interface_drops_graph.gridPos.w }}, - "h": {{ PANELS.monitor_interface_drops_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Monitor Interface Drops", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "maxDataPoints": 750, - "interval": "30s", - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "bottom", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_out), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(mean_drop_in), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(mean_drop_out), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), host,interface fill(none)", - "rawQuery": true, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "Drops per second", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "pps", - "min": 0, - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - }, - { - "matcher": { - "id": "byRegexp", - "options": "/veth/" - }, - "properties": [ - { - "id": "custom.hideFrom", - "value": { - "tooltip": true, - "viz": true, - "legend": true - } - } - ] - } - ] - }, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/monitor_interface_drops_inbound_graph.json.jinja b/salt/grafana/panels/monitor_interface_drops_inbound_graph.json.jinja deleted file mode 100644 index 2c4574f84..000000000 --- a/salt/grafana/panels/monitor_interface_drops_inbound_graph.json.jinja +++ /dev/null @@ -1,125 +0,0 @@ -{ - "id": 188190, - "gridPos": { - "x": {{ PANELS.monitor_interface_drops_inbound_graph.gridPos.x }}, - "y": {{ PANELS.monitor_interface_drops_inbound_graph.gridPos.y }}, - "w": {{ PANELS.monitor_interface_drops_inbound_graph.gridPos.w }}, - "h": {{ PANELS.monitor_interface_drops_inbound_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Monitor Interface Drops - Inbound", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "Drops per second", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "pps", - "min": 0, - "decimals": 1 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_role", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(drop_in), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), host,role fill(none)", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja b/salt/grafana/panels/monitor_interface_packets_graph.json.jinja deleted file mode 100644 index 4c44fdb87..000000000 --- a/salt/grafana/panels/monitor_interface_packets_graph.json.jinja +++ /dev/null @@ -1,282 +0,0 @@ -{ - "id": 61878, - "gridPos": { - "x": {{ PANELS.monitor_interface_packets_graph.gridPos.x }}, - "y": {{ PANELS.monitor_interface_packets_graph.gridPos.y }}, - "w": {{ PANELS.monitor_interface_packets_graph.gridPos.w }}, - "h": {{ PANELS.monitor_interface_packets_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Monitor Interface Packets", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "maxDataPoints": 750, - "interval": "30s", - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "bottom", - "calcs": [ - "max", - "mean", - "last" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_interface: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(packets_recv), 1s) as \"in\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(packets_sent), 1s) as \"out\" FROM \"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(mean_packets_recv), 1s) as \"trend_in\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "C", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $tag_interface: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(mean_packets_sent), 1s) as \"trend_out\" FROM \"so_long_term\".\"net\" WHERE host =~ /$servername/ AND interface =~ /$monint/ AND $timeFilter GROUP BY time($__interval), * fill(none)", - "rawQuery": true, - "refId": "D", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "Packets per second", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "pps", - "min": 0, - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - }, - { - "matcher": { - "id": "byRegexp", - "options": "/veth/" - }, - "properties": [ - { - "id": "custom.hideFrom", - "value": { - "tooltip": true, - "viz": true, - "legend": true - } - } - ] - } - ] - }, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/monitor_interface_traffic_both_graph.json.jinja b/salt/grafana/panels/monitor_interface_traffic_both_graph.json.jinja deleted file mode 100644 index 3c1a6fc74..000000000 --- a/salt/grafana/panels/monitor_interface_traffic_both_graph.json.jinja +++ /dev/null @@ -1,276 +0,0 @@ -{ - "id": 10, - "gridPos": { - "x": {{ PANELS.monitor_interface_traffic_both_graph.gridPos.x }}, - "y": {{ PANELS.monitor_interface_traffic_both_graph.gridPos.y }}, - "w": {{ PANELS.monitor_interface_traffic_both_graph.gridPos.w }}, - "h": {{ PANELS.monitor_interface_traffic_both_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Monitor Interface Traffic", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "links": [], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 2, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "links": [], - "unit": "bps", - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/Trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "dash": [ - 4, - 10 - ], - "fill": "dash" - } - } - ] - }, - { - "matcher": { - "id": "byRegexp", - "options": "/veth/" - }, - "properties": [ - { - "id": "custom.hideFrom", - "value": { - "tooltip": true, - "viz": true, - "legend": true - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "last" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_interface: RX Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "interface" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=~", - "value": "/^$monint$/" - } - ] - }, - { - "alias": "$tag_host: $tag_interface: RX Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "interface" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "net", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=~", - "value": "/^$monint$/" - } - ] - } - ], - "description": "", - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja b/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja deleted file mode 100644 index 5365bd3ac..000000000 --- a/salt/grafana/panels/monitor_interface_traffic_inbound_graph.json.jinja +++ /dev/null @@ -1,167 +0,0 @@ -{ - "id": 188188, - "gridPos": { - "x": {{ PANELS.monitor_interface_traffic_inbound_graph.gridPos.x }}, - "y": {{ PANELS.monitor_interface_traffic_inbound_graph.gridPos.y }}, - "w": {{ PANELS.monitor_interface_traffic_inbound_graph.gridPos.w }}, - "h": {{ PANELS.monitor_interface_traffic_inbound_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Monitor Interface Traffic - Inbound", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "links": [], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 2, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - }, - "lineStyle": { - "fill": "solid" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "links": [], - "unit": "bps", - "decimals": 1, - "min": 0 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host $tag_role", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "role" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"bytes_recv\"), 1s) *8 FROM \"net\" WHERE (\"host\" = '$servername' AND \"interface\" = '$monint') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=~", - "value": "/^$monint$/" - } - ] - } - ], - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/monitor_interface_traffic_inbound_total_graph.json.jinja b/salt/grafana/panels/monitor_interface_traffic_inbound_total_graph.json.jinja deleted file mode 100644 index 67e92668d..000000000 --- a/salt/grafana/panels/monitor_interface_traffic_inbound_total_graph.json.jinja +++ /dev/null @@ -1,178 +0,0 @@ -{ - "id": 224244, - "gridPos": { - "x": {{ PANELS.monitor_interface_traffic_inbound_total_graph.gridPos.x }}, - "y": {{ PANELS.monitor_interface_traffic_inbound_total_graph.gridPos.y }}, - "w": {{ PANELS.monitor_interface_traffic_inbound_total_graph.gridPos.w }}, - "h": {{ PANELS.monitor_interface_traffic_inbound_total_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Monitor Traffic - Selected Total", - "transformations": [ - { - "id": "calculateField", - "options": { - "alias": "Total Monitor Traffic", - "mode": "reduceRow", - "reduce": { - "reducer": "sum" - }, - "replaceFields": true - } - } - ], - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "links": [], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "auto", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(245, 54, 54, 0.9)", - "value": null - }, - { - "color": "rgba(50, 172, 45, 0.97)", - "value": 1 - } - ] - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "decimals": 1, - "unit": "bps" - }, - "overrides": [] - }, - "interval": "30s", - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "none" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"bytes_recv\"), 1s) *8 FROM \"net\" WHERE (\"host\" =~ /^$servername$/ AND \"interface\" = '$monint') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "bytes_recv" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=~", - "value": "/^$monint$/" - } - ] - } - ], - "cacheTimeout": null, - "description": "", - "maxDataPoints": null -} diff --git a/salt/grafana/panels/monitor_interface_traffic_stat.json.jinja b/salt/grafana/panels/monitor_interface_traffic_stat.json.jinja deleted file mode 100644 index 283d93f7a..000000000 --- a/salt/grafana/panels/monitor_interface_traffic_stat.json.jinja +++ /dev/null @@ -1,152 +0,0 @@ -{ - "id": 24, - "gridPos": { - "x": {{ PANELS.monitor_interface_traffic_stat.gridPos.x }}, - "y": {{ PANELS.monitor_interface_traffic_stat.gridPos.y }}, - "w": {{ PANELS.monitor_interface_traffic_stat.gridPos.w }}, - "h": {{ PANELS.monitor_interface_traffic_stat.gridPos.h }} - }, - "type": "stat", - "title": "Monitor Traffic - Selected Total", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "links": [], - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(245, 54, 54, 0.9)", - "value": null - }, - { - "color": "rgba(50, 172, 45, 0.97)", - "value": 1 - } - ] - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "color": { - "mode": "thresholds" - }, - "decimals": 2, - "unit": "bps" - }, - "overrides": [] - }, - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "fields": "" - }, - "orientation": "horizontal", - "text": {}, - "textMode": "value", - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto" - }, - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "params": [ - "none" - ], - "type": "fill" - } - ], - "measurement": "net", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "bytes_recv" - ] - }, - { - "type": "mean", - "params": [] - }, - { - "type": "non_negative_derivative", - "params": [ - "1s" - ] - }, - { - "type": "math", - "params": [ - "*8" - ] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "interface", - "operator": "=~", - "value": "/^$monint$/" - } - ], - "query": "SELECT non_negative_derivative(mean(\"bytes_recv\"), 1s) *8 FROM \"net\" WHERE (\"host\" =~ /^$servername$/ AND \"interface\" = '$monint') AND $timeFilter GROUP BY time($__interval) fill(null)", - "rawQuery": false - } - ], - "maxDataPoints": null, - "cacheTimeout": null, - "interval": null, - "transformations": [ - { - "id": "calculateField", - "options": { - "mode": "reduceRow", - "reduce": { - "reducer": "sum" - }, - "alias": "Monitor Traffic", - "replaceFields": true - } - } - ], - "description": "" -} diff --git a/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja b/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja deleted file mode 100644 index 9a9d81504..000000000 --- a/salt/grafana/panels/network_usage_docker_combined_current_graph.json.jinja +++ /dev/null @@ -1,232 +0,0 @@ -{ - "id": 61868, - "gridPos": { - "x": {{ PANELS.network_usage_docker_combined_current_graph.gridPos.x }}, - "y": {{ PANELS.network_usage_docker_combined_current_graph.gridPos.y }}, - "w": {{ PANELS.network_usage_docker_combined_current_graph.gridPos.w }}, - "h": {{ PANELS.network_usage_docker_combined_current_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Container Network Usage Current", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_container_name RX", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "container_name" - ], - "type": "tag" - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=~", - "value": "/^$containers$/" - } - ], - "hide": false - }, - { - "alias": "$tag_host: $tag_container_name TX", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "container_name" - ], - "type": "tag" - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=~", - "value": "/^$containers$/" - } - ] - } - ], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 5, - "gradientMode": "none", - "spanNulls": true, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "bps", - "decimals": 1 - }, - "overrides": [] - }, - "maxDataPoints": null, - "description": "", - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja deleted file mode 100644 index b8dc975d8..000000000 --- a/salt/grafana/panels/network_usage_docker_combined_trend_graph.json.jinja +++ /dev/null @@ -1,231 +0,0 @@ -{ - "id": 61461, - "gridPos": { - "x": {{ PANELS.network_usage_docker_combined_trend_graph.gridPos.x }}, - "y": {{ PANELS.network_usage_docker_combined_trend_graph.gridPos.y }}, - "w": {{ PANELS.network_usage_docker_combined_trend_graph.gridPos.w }}, - "h": {{ PANELS.network_usage_docker_combined_trend_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Container Network Usage Trend", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "5m", - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $tag_container_name RX", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "container_name" - ], - "type": "tag" - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_rx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=~", - "value": "/^$containers$/" - } - ] - }, - { - "alias": "$tag_host: $tag_container_name TX", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "container_name" - ], - "type": "tag" - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "docker_container_net", - "orderByTime": "ASC", - "policy": "so_long_term", - "queryType": "randomWalk", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_tx_bytes" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "1s" - ], - "type": "non_negative_derivative" - }, - { - "params": [ - "*8" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=~", - "value": "/^$containers$/" - } - ] - } - ], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 5, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "bps", - "decimals": 1 - }, - "overrides": [] - }, - "maxDataPoints": null, - "description": "", - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/nsm_used_guage.json.jinja b/salt/grafana/panels/nsm_used_guage.json.jinja deleted file mode 100644 index 3175d3bfd..000000000 --- a/salt/grafana/panels/nsm_used_guage.json.jinja +++ /dev/null @@ -1,121 +0,0 @@ -{ - "id": 12, - "gridPos": { - "x": {{ PANELS.nsm_used_guage.gridPos.x }}, - "y": {{ PANELS.nsm_used_guage.gridPos.y }}, - "w": {{ PANELS.nsm_used_guage.gridPos.w }}, - "h": {{ PANELS.nsm_used_guage.gridPos.h }} - }, - "type": "gauge", - "title": "NSM used", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "links": [], - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 85 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 95 - } - ] - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "color": { - "mode": "thresholds" - }, - "decimals": 0, - "max": 100, - "min": 0, - "unit": "percent" - }, - "overrides": [] - }, - "interval": "30", - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "fields": "" - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true, - "text": {} - }, - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/nsm" - } - ] - } - ], - "maxDataPoints": null, - "cacheTimeout": null -} diff --git a/salt/grafana/panels/pcap_retention_stat.json.jinja b/salt/grafana/panels/pcap_retention_stat.json.jinja deleted file mode 100644 index 138b18e6b..000000000 --- a/salt/grafana/panels/pcap_retention_stat.json.jinja +++ /dev/null @@ -1,113 +0,0 @@ -{ - "id": 26, - "gridPos": { - "x": {{ PANELS.pcap_retention_stat.gridPos.x }}, - "y": {{ PANELS.pcap_retention_stat.gridPos.y }}, - "w": {{ PANELS.pcap_retention_stat.gridPos.w }}, - "h": {{ PANELS.pcap_retention_stat.gridPos.h }} - }, - "type": "stat", - "title": "PCAP Retention", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "links": [], - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "color": { - "mode": "thresholds" - }, - "decimals": 2, - "unit": "d" - }, - "overrides": [] - }, - "interval": "30", - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "fields": "" - }, - "orientation": "horizontal", - "text": {}, - "textMode": "value", - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto" - }, - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "/86400" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "maxDataPoints": null, - "cacheTimeout": null -} diff --git a/salt/grafana/panels/process_status_graph.json.jinja b/salt/grafana/panels/process_status_graph.json.jinja deleted file mode 100644 index 302175c36..000000000 --- a/salt/grafana/panels/process_status_graph.json.jinja +++ /dev/null @@ -1,203 +0,0 @@ -{ - "id": 61852, - "gridPos": { - "x": {{ PANELS.process_status_graph.gridPos.x }}, - "y": {{ PANELS.process_status_graph.gridPos.y }}, - "w": {{ PANELS.process_status_graph.gridPos.w }}, - "h": {{ PANELS.process_status_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Process Status", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "links": [], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "links": [], - "unit": "short", - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "bottom", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(running) as running, mean(blocked) as blocked, mean(sleeping) as sleeping, mean(stopped) as stopped, mean(zombies) as zombies, mean(paging) as paging, mean(unknown) as unknown FROM \"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - }, - { - "alias": "$tag_host: $col", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "processes", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT mean(mean_running) as trend_running, mean(mean_blocked) as trend_blocked, mean(mean_sleeping) as trend_sleeping, mean(mean_stopped) as trend_stopped, mean(mean_zombies) as trend_zombies, mean(mean_paging) as trend_paging, mean(mean_unknown) as trend_unknown FROM \"so_long_term\".\"processes\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host fill(linear) ORDER BY asc", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "blocked" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$server$/" - } - ] - } - ], - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/ram_usage_guage.json.jinja b/salt/grafana/panels/ram_usage_guage.json.jinja deleted file mode 100644 index 813b9cba8..000000000 --- a/salt/grafana/panels/ram_usage_guage.json.jinja +++ /dev/null @@ -1,114 +0,0 @@ -{ - "id": 61860, - "gridPos": { - "x": {{ PANELS.ram_usage_guage.gridPos.x }}, - "y": {{ PANELS.ram_usage_guage.gridPos.y }}, - "w": {{ PANELS.ram_usage_guage.gridPos.w }}, - "h": {{ PANELS.ram_usage_guage.gridPos.h }} - }, - "type": "gauge", - "title": "RAM usage", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "links": [], - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 70 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 80 - } - ] - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "color": { - "mode": "thresholds" - }, - "max": 100, - "min": 0, - "unit": "percent" - }, - "overrides": [] - }, - "interval": "30", - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "fields": "" - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true, - "text": {} - }, - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "mem", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ], - "orderByTime": "ASC" - } - ], - "maxDataPoints": null, - "cacheTimeout": null -} diff --git a/salt/grafana/panels/redis_queue_graph.json.jinja b/salt/grafana/panels/redis_queue_graph.json.jinja deleted file mode 100644 index b33290008..000000000 --- a/salt/grafana/panels/redis_queue_graph.json.jinja +++ /dev/null @@ -1,208 +0,0 @@ -{ - "id": 55, - "gridPos": { - "x": {{ PANELS.redis_queue_graph.gridPos.x }}, - "y": {{ PANELS.redis_queue_graph.gridPos.y }}, - "w": {{ PANELS.redis_queue_graph.gridPos.w }}, - "h": {{ PANELS.redis_queue_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Redis Queue", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "links": [], - "unit": "short", - "decimals": 2 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/Trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "bottom", - "calcs": [ - "max", - "mean" - ] - } - }, - "targets": [ - { - "alias": "Queue Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "unparsed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "role", - "operator": "=~", - "value": "/^manager/" - }, - { - "condition": "OR", - "key": "role", - "operator": "=", - "value": "standalone" - } - ] - }, - { - "alias": "Queue Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_unparsed" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "role", - "operator": "=~", - "value": "/^manager/" - }, - { - "condition": "OR", - "key": "role", - "operator": "=", - "value": "standalone" - } - ] - } - ], - "maxDataPoints": null, - "description": "", - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/redis_queue_stat.json.jinja b/salt/grafana/panels/redis_queue_stat.json.jinja deleted file mode 100644 index b0b3d8946..000000000 --- a/salt/grafana/panels/redis_queue_stat.json.jinja +++ /dev/null @@ -1,95 +0,0 @@ -{ - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "color": { - "mode": "thresholds" - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "x": {{ PANELS.redis_queue_stat.gridPos.x }}, - "y": {{ PANELS.redis_queue_stat.gridPos.y }}, - "w": {{ PANELS.redis_queue_stat.gridPos.w }}, - "h": {{ PANELS.redis_queue_stat.gridPos.h }} - }, - "id": 68894, - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "fields": "" - }, - "orientation": "auto", - "text": {}, - "textMode": "auto", - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "redisqueue", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "unparsed" - ] - }, - { - "type": "last", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ] - } - ], - "title": "Redis Unparsed Queue", - "type": "stat", - "timeFrom": null, - "timeShift": null, - "interval": "30s" -} diff --git a/salt/grafana/panels/rootfs_used_guage.json.jinja b/salt/grafana/panels/rootfs_used_guage.json.jinja deleted file mode 100644 index b628d247c..000000000 --- a/salt/grafana/panels/rootfs_used_guage.json.jinja +++ /dev/null @@ -1,121 +0,0 @@ -{ - "id": 61866, - "gridPos": { - "x": {{ PANELS.rootfs_used_guage.gridPos.x }}, - "y": {{ PANELS.rootfs_used_guage.gridPos.y }}, - "w": {{ PANELS.rootfs_used_guage.gridPos.w }}, - "h": {{ PANELS.rootfs_used_guage.gridPos.h }} - }, - "type": "gauge", - "title": "RootFS used", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "links": [], - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 70 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 80 - } - ] - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "color": { - "mode": "thresholds" - }, - "decimals": 0, - "max": 100, - "min": 0, - "unit": "percent" - }, - "overrides": [] - }, - "interval": "30", - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "fields": "" - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true, - "text": {} - }, - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "disk", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - }, - { - "condition": "AND", - "key": "path", - "operator": "=", - "value": "/" - } - ] - } - ], - "maxDataPoints": null, - "cacheTimeout": null -} diff --git a/salt/grafana/panels/row_cpu.json.jinja b/salt/grafana/panels/row_cpu.json.jinja deleted file mode 100644 index 6384048d6..000000000 --- a/salt/grafana/panels/row_cpu.json.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_cpu.gridPos.x }}, - "y": {{ PANELS.row_cpu.gridPos.y }}, - "w": {{ PANELS.row_cpu.gridPos.w }}, - "h": {{ PANELS.row_cpu.gridPos.h }} - }, - "id": 2, - "panels": [], - "repeat": null, - "title": "CPU", - "type": "row" - } diff --git a/salt/grafana/panels/row_disk_iops.json.jinja b/salt/grafana/panels/row_disk_iops.json.jinja deleted file mode 100644 index f54494825..000000000 --- a/salt/grafana/panels/row_disk_iops.json.jinja +++ /dev/null @@ -1,22 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_disk_iops.gridPos.x }}, - "y": {{ PANELS.row_disk_iops.gridPos.y }}, - "w": {{ PANELS.row_disk_iops.gridPos.w }}, - "h": {{ PANELS.row_disk_iops.gridPos.h }} - }, - "id": 62055, - "panels": [], - "repeat": "disk", - "scopedVars": { - "disk": { - "selected": false, - "text": "sda", - "value": "sda" - } - }, - "title": "Disk IOPS for /dev/$disk", - "type": "row" -} diff --git a/salt/grafana/panels/row_disk_usage.json.jinja b/salt/grafana/panels/row_disk_usage.json.jinja deleted file mode 100644 index 2cfac7cb4..000000000 --- a/salt/grafana/panels/row_disk_usage.json.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_disk_usage.gridPos.x }}, - "y": {{ PANELS.row_disk_usage.gridPos.y }}, - "w": {{ PANELS.row_disk_usage.gridPos.w }}, - "h": {{ PANELS.row_disk_usage.gridPos.h }} - }, - "id": 3333, - "panels": [], - "repeat": null, - "title": "Disk Usage", - "type": "row" - } diff --git a/salt/grafana/panels/row_docker_details.json.jinja b/salt/grafana/panels/row_docker_details.json.jinja deleted file mode 100644 index bb06a57ed..000000000 --- a/salt/grafana/panels/row_docker_details.json.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_docker_details.gridPos.x }}, - "y": {{ PANELS.row_docker_details.gridPos.y }}, - "w": {{ PANELS.row_docker_details.gridPos.w }}, - "h": {{ PANELS.row_docker_details.gridPos.h }} - }, - "id": 4, - "panels": [], - "repeat": null, - "title": "Docker Details", - "type": "row" - } diff --git a/salt/grafana/panels/row_elasticsearch.json.jinja b/salt/grafana/panels/row_elasticsearch.json.jinja deleted file mode 100644 index 04340c3e2..000000000 --- a/salt/grafana/panels/row_elasticsearch.json.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_elasticsearch.gridPos.x }}, - "y": {{ PANELS.row_elasticsearch.gridPos.y }}, - "w": {{ PANELS.row_elasticsearch.gridPos.w }}, - "h": {{ PANELS.row_elasticsearch.gridPos.h }} - }, - "id": 2442, - "panels": [], - "repeat": null, - "title": "Elasticsearch", - "type": "row" - } diff --git a/salt/grafana/panels/row_influxdb.json.jinja b/salt/grafana/panels/row_influxdb.json.jinja deleted file mode 100644 index 7f3251cc9..000000000 --- a/salt/grafana/panels/row_influxdb.json.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_influxdb.gridPos.x }}, - "y": {{ PANELS.row_influxdb.gridPos.y }}, - "w": {{ PANELS.row_influxdb.gridPos.w }}, - "h": {{ PANELS.row_influxdb.gridPos.h }} - }, - "id": 43434, - "panels": [], - "repeat": null, - "title": "InfluxDB", - "type": "row" - } diff --git a/salt/grafana/panels/row_logstash.json.jinja b/salt/grafana/panels/row_logstash.json.jinja deleted file mode 100644 index e934dbd0e..000000000 --- a/salt/grafana/panels/row_logstash.json.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_logstash.gridPos.x }}, - "y": {{ PANELS.row_logstash.gridPos.y }}, - "w": {{ PANELS.row_logstash.gridPos.w }}, - "h": {{ PANELS.row_logstash.gridPos.h }} - }, - "id": 24242, - "panels": [], - "repeat": null, - "title": "Logstash", - "type": "row" - } diff --git a/salt/grafana/panels/row_memory.json.jinja b/salt/grafana/panels/row_memory.json.jinja deleted file mode 100644 index 33d203138..000000000 --- a/salt/grafana/panels/row_memory.json.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_memory.gridPos.x }}, - "y": {{ PANELS.row_memory.gridPos.y }}, - "w": {{ PANELS.row_memory.gridPos.w }}, - "h": {{ PANELS.row_memory.gridPos.h }} - }, - "id": 3, - "panels": [], - "repeat": null, - "title": "Memory", - "type": "row" - } diff --git a/salt/grafana/panels/row_network.json.jinja b/salt/grafana/panels/row_network.json.jinja deleted file mode 100644 index 6f611f580..000000000 --- a/salt/grafana/panels/row_network.json.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_network.gridPos.x }}, - "y": {{ PANELS.row_network.gridPos.y }}, - "w": {{ PANELS.row_network.gridPos.w }}, - "h": {{ PANELS.row_network.gridPos.h }} - }, - "id": 333, - "panels": [], - "repeat": null, - "title": "Network", - "type": "row" - } diff --git a/salt/grafana/panels/row_overview.json.jinja b/salt/grafana/panels/row_overview.json.jinja deleted file mode 100644 index d05a9394d..000000000 --- a/salt/grafana/panels/row_overview.json.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_overview.gridPos.x }}, - "y": {{ PANELS.row_overview.gridPos.y }}, - "w": {{ PANELS.row_overview.gridPos.w }}, - "h": {{ PANELS.row_overview.gridPos.h }} - }, - "id": 1, - "panels": [], - "repeat": null, - "title": "Overview", - "type": "row" - } diff --git a/salt/grafana/panels/row_packet_loss.json.jinja b/salt/grafana/panels/row_packet_loss.json.jinja deleted file mode 100644 index b9d2c8a96..000000000 --- a/salt/grafana/panels/row_packet_loss.json.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_packet_loss.gridPos.x }}, - "y": {{ PANELS.row_packet_loss.gridPos.y }}, - "w": {{ PANELS.row_packet_loss.gridPos.w }}, - "h": {{ PANELS.row_packet_loss.gridPos.h }} - }, - "id": 816341, - "panels": [], - "repeat": null, - "title": "Packet Loss", - "type": "row" - } diff --git a/salt/grafana/panels/row_redis.json.jinja b/salt/grafana/panels/row_redis.json.jinja deleted file mode 100644 index f0be53693..000000000 --- a/salt/grafana/panels/row_redis.json.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_redis.gridPos.x }}, - "y": {{ PANELS.row_redis.gridPos.y }}, - "w": {{ PANELS.row_redis.gridPos.w }}, - "h": {{ PANELS.row_redis.gridPos.h }} - }, - "id": 24812, - "panels": [], - "repeat": null, - "title": "Redis", - "type": "row" - } diff --git a/salt/grafana/panels/row_stenographer.json.jinja b/salt/grafana/panels/row_stenographer.json.jinja deleted file mode 100644 index 004757748..000000000 --- a/salt/grafana/panels/row_stenographer.json.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_stenographer.gridPos.x }}, - "y": {{ PANELS.row_stenographer.gridPos.y }}, - "w": {{ PANELS.row_stenographer.gridPos.w }}, - "h": {{ PANELS.row_stenographer.gridPos.h }} - }, - "id": 8812, - "panels": [], - "repeat": null, - "title": "Stenographer", - "type": "row" - } diff --git a/salt/grafana/panels/row_suricata.json.jinja b/salt/grafana/panels/row_suricata.json.jinja deleted file mode 100644 index d4dead5c5..000000000 --- a/salt/grafana/panels/row_suricata.json.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_suricata.gridPos.x }}, - "y": {{ PANELS.row_suricata.gridPos.y }}, - "w": {{ PANELS.row_suricata.gridPos.w }}, - "h": {{ PANELS.row_suricata.gridPos.h }} - }, - "id": 8481, - "panels": [], - "repeat": null, - "title": "Suricata", - "type": "row" - } diff --git a/salt/grafana/panels/row_swap.json.jinja b/salt/grafana/panels/row_swap.json.jinja deleted file mode 100644 index c465dcc6e..000000000 --- a/salt/grafana/panels/row_swap.json.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_swap.gridPos.x }}, - "y": {{ PANELS.row_swap.gridPos.y }}, - "w": {{ PANELS.row_swap.gridPos.w }}, - "h": {{ PANELS.row_swap.gridPos.h }} - }, - "id": 444, - "panels": [], - "repeat": null, - "title": "Swap", - "type": "row" - } diff --git a/salt/grafana/panels/row_zeek.json.jinja b/salt/grafana/panels/row_zeek.json.jinja deleted file mode 100644 index 1b236a543..000000000 --- a/salt/grafana/panels/row_zeek.json.jinja +++ /dev/null @@ -1,15 +0,0 @@ -{ - "collapsed": false, - "datasource": null, - "gridPos": { - "x": {{ PANELS.row_zeek.gridPos.x }}, - "y": {{ PANELS.row_zeek.gridPos.y }}, - "w": {{ PANELS.row_zeek.gridPos.w }}, - "h": {{ PANELS.row_zeek.gridPos.h }} - }, - "id": 21281, - "panels": [], - "repeat": null, - "title": "Zeek", - "type": "row" - } diff --git a/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja b/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja deleted file mode 100644 index 0fb56dbe7..000000000 --- a/salt/grafana/panels/stenographer_packet_loss_graph.json.jinja +++ /dev/null @@ -1,229 +0,0 @@ -{ - "id": 19, - "gridPos": { - "x": {{ PANELS.stenographer_packet_loss_graph.gridPos.x }}, - "y": {{ PANELS.stenographer_packet_loss_graph.gridPos.y }}, - "w": {{ PANELS.stenographer_packet_loss_graph.gridPos.w }}, - "h": {{ PANELS.stenographer_packet_loss_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Stenographer Packet Loss", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "links": [], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "links": [], - "unit": "percent", - "min": 0, - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/Trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "Current $tag_host $tag_role", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "role" - ], - "type": "tag" - }, - { - "params": [ - "none" - ], - "type": "fill" - } - ], - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ] - }, - { - "alias": "Trend $tag_host $tag_role", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "role" - ], - "type": "tag" - }, - { - "params": [ - "none" - ], - "type": "fill" - } - ], - "hide": {{ PANELS.stenographer_packet_loss_graph.get('hideTrend', false)|json }}, - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ] - } - ], - "maxDataPoints": null, - "cacheTimeout": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/stenographer_packet_loss_stat.json.jinja b/salt/grafana/panels/stenographer_packet_loss_stat.json.jinja deleted file mode 100644 index 863772fcd..000000000 --- a/salt/grafana/panels/stenographer_packet_loss_stat.json.jinja +++ /dev/null @@ -1,114 +0,0 @@ -{ - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "dark-green", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 1 - }, - { - "color": "dark-red", - "value": 5 - } - ] - }, - "mappings": [ - { - "op": "=", - "text": "N/A", - "value": "null", - "$$hashKey": "object:1120", - "id": 0, - "type": 1 - } - ], - "unit": "percent", - "decimals": 2, - "color": { - "mode": "thresholds" - } - }, - "overrides": [] - }, - "gridPos": { - "x": {{ PANELS.stenographer_packet_loss_stat.gridPos.x }}, - "y": {{ PANELS.stenographer_packet_loss_stat.gridPos.y }}, - "w": {{ PANELS.stenographer_packet_loss_stat.gridPos.w }}, - "h": {{ PANELS.stenographer_packet_loss_stat.gridPos.h }} - }, - "id": 22, - "links": [], - "maxDataPoints": 100, - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "stenodrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "title": "Stenographer Packet Loss", - "type": "stat", - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "fields": "" - }, - "orientation": "horizontal", - "text": {}, - "textMode": "auto", - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto" - }, - "cacheTimeout": null, - "interval": null, - "pluginVersion": "7.5.4" -} diff --git a/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja b/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja deleted file mode 100644 index 83c51a73d..000000000 --- a/salt/grafana/panels/stenographer_pcap_retention_graph.json.jinja +++ /dev/null @@ -1,207 +0,0 @@ -{ - "id": 2239, - "gridPos": { - "x": {{ PANELS.stenographer_pcap_retention_graph.gridPos.x }}, - "y": {{ PANELS.stenographer_pcap_retention_graph.gridPos.y }}, - "w": {{ PANELS.stenographer_pcap_retention_graph.gridPos.w }}, - "h": {{ PANELS.stenographer_pcap_retention_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Stenographer PCAP Retention", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "maxDataPoints": 750, - "interval": "30s", - "links": [], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": true, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "s", - "decimals": 2 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/Trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "hidden", - "placement": "bottom", - "calcs": [] - } - }, - "targets": [ - { - "alias": "$tag_host: Oldest Pcap Current", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ] - }, - { - "alias": "$tag_host: Oldest Pcap Trend", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "measurement": "pcapage", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_seconds" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ] - } - ], - "cacheTimeout": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/suricata_packet_loss_graph.json.jinja b/salt/grafana/panels/suricata_packet_loss_graph.json.jinja deleted file mode 100644 index eb26f9d8b..000000000 --- a/salt/grafana/panels/suricata_packet_loss_graph.json.jinja +++ /dev/null @@ -1,241 +0,0 @@ -{ - "id": 21, - "gridPos": { - "x": {{ PANELS.suricata_packet_loss_graph.gridPos.x }}, - "y": {{ PANELS.suricata_packet_loss_graph.gridPos.y }}, - "w": {{ PANELS.suricata_packet_loss_graph.gridPos.w }}, - "h": {{ PANELS.suricata_packet_loss_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Suricata Packet Loss", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "links": [], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "links": [], - "unit": "percent", - "min": 0, - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/Trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "Current $tag_host $tag_role", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "role" - ], - "type": "tag" - }, - { - "params": [ - "none" - ], - "type": "fill" - } - ], - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ] - }, - { - "alias": "Trend $tag_host $tag_role", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "role" - ], - "type": "tag" - }, - { - "params": [ - "none" - ], - "type": "fill" - } - ], - "hide": {{ PANELS.suricata_packet_loss_graph.get('hideTrend', false)|json }}, - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ] - } - ], - "maxDataPoints": null, - "cacheTimeout": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/suricata_packet_loss_stat.json.jinja b/salt/grafana/panels/suricata_packet_loss_stat.json.jinja deleted file mode 100644 index 87a3f48e5..000000000 --- a/salt/grafana/panels/suricata_packet_loss_stat.json.jinja +++ /dev/null @@ -1,120 +0,0 @@ -{ - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "dark-green", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 1 - }, - { - "color": "dark-red", - "value": 5 - } - ] - }, - "mappings": [ - { - "op": "=", - "text": "N/A", - "value": "null", - "$$hashKey": "object:949", - "id": 0, - "type": 1 - } - ], - "unit": "percent", - "decimals": 2, - "color": { - "mode": "thresholds" - } - }, - "overrides": [] - }, - "gridPos": { - "x": {{ PANELS.suricata_packet_loss_stat.gridPos.x }}, - "y": {{ PANELS.suricata_packet_loss_stat.gridPos.y }}, - "w": {{ PANELS.suricata_packet_loss_stat.gridPos.w }}, - "h": {{ PANELS.suricata_packet_loss_stat.gridPos.h }} - }, - "id": 20, - "links": [], - "maxDataPoints": 100, - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "suridrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "title": "Suricata Packet Loss", - "type": "stat", - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "fields": "" - }, - "orientation": "horizontal", - "text": {}, - "textMode": "auto", - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto" - }, - "pluginVersion": "7.5.4", - "cacheTimeout": null, - "interval": null -} diff --git a/salt/grafana/panels/swap_io_bytes_graph.json.jinja b/salt/grafana/panels/swap_io_bytes_graph.json.jinja deleted file mode 100644 index fe7989870..000000000 --- a/salt/grafana/panels/swap_io_bytes_graph.json.jinja +++ /dev/null @@ -1,187 +0,0 @@ -{ - "id": 68890, - "gridPos": { - "x": {{ PANELS.swap_io_bytes_graph.gridPos.x }}, - "y": {{ PANELS.swap_io_bytes_graph.gridPos.y }}, - "w": {{ PANELS.swap_io_bytes_graph.gridPos.w }}, - "h": {{ PANELS.swap_io_bytes_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Swap I/O Bytes", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "bottom", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"in\")) as \"in\", non_negative_derivative(mean(\"out\")) as \"out\" FROM \"swap\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - }, - { - "alias": "$tag_host: $col", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": false, - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT non_negative_derivative(mean(\"mean_in\")) as \"trend_in\", non_negative_derivative(mean(\"mean_out\")) as \"trend_out\" FROM \"so_long_term\".\"swap\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host fill(linear) ORDER BY asc", - "queryType": "randomWalk", - "rawQuery": true, - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "value" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [] - } - ], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "unit": "bytes", - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - } - ] - }, - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/swap_usage_bytes_graph.json.jinja b/salt/grafana/panels/swap_usage_bytes_graph.json.jinja deleted file mode 100644 index 4986b72a5..000000000 --- a/salt/grafana/panels/swap_usage_bytes_graph.json.jinja +++ /dev/null @@ -1,184 +0,0 @@ -{ - "type": "graph", - "title": "Swap Usage", - "gridPos": { - "x": {{ PANELS.swap_usage_bytes_graph.gridPos.x }}, - "y": {{ PANELS.swap_usage_bytes_graph.gridPos.y }}, - "w": {{ PANELS.swap_usage_bytes_graph.gridPos.w }}, - "h": {{ PANELS.swap_usage_bytes_graph.gridPos.h }} - }, - "id": 68892, - "targets": [ - { - "refId": "A", - "queryType": "randomWalk", - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "value" - ] - }, - { - "type": "mean", - "params": [] - } - ] - ], - "query": "SELECT mean(used) as \"used\", mean(total) as \"total\" FROM \"swap\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", - "rawQuery": true, - "alias": "$tag_host: $col" - }, - { - "refId": "B", - "queryType": "randomWalk", - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "value" - ] - }, - { - "type": "mean", - "params": [] - } - ] - ], - "query": "SELECT mean(mean_used) as \"trend_used\", mean(mean_total) as \"trend_total\" FROM \"so_long_term\".\"swap\" WHERE host =~ /$servername$/ AND $timeFilter GROUP BY time($__interval), host ORDER BY asc", - "rawQuery": true, - "alias": "$tag_host: $col", - "hide": false - } - ], - "options": { - "alertThreshold": true - }, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "pluginVersion": "7.5.4", - "renderer": "flot", - "yaxes": [ - { - "label": null, - "show": true, - "logBase": 1, - "min": "0", - "max": null, - "format": "bytes", - "$$hashKey": "object:515" - }, - { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "short", - "$$hashKey": "object:516" - } - ], - "xaxis": { - "show": true, - "mode": "time", - "name": null, - "values": [], - "buckets": null - }, - "yaxis": { - "align": false, - "alignLevel": null - }, - "lines": true, - "fill": 1, - "linewidth": 1, - "dashLength": 10, - "spaceLength": 10, - "pointradius": 2, - "legend": { - "show": true, - "values": true, - "min": false, - "max": true, - "current": true, - "total": false, - "avg": true, - "alignAsTable": true - }, - "nullPointMode": "connected", - "tooltip": { - "value_type": "individual", - "shared": true, - "sort": 0 - }, - "aliasColors": {}, - "seriesOverrides": [ - { - "$$hashKey": "object:575", - "alias": "/total/", - "fill": 0, - "color": "#C4162A" - }, - { - "$$hashKey": "object:596", - "alias": "/trend/", - "fill": 0, - "linewidth": 4, - "dashes": true, - "dashLength": 4 - } - ], - "thresholds": [], - "timeRegions": [], - "fillGradient": 0, - "dashes": false, - "hiddenSeries": false, - "points": false, - "bars": false, - "stack": false, - "percentage": false, - "steppedLine": false, - "maxDataPoints": 750, - "interval": "30s" -} diff --git a/salt/grafana/panels/swap_usage_guage.json.jinja b/salt/grafana/panels/swap_usage_guage.json.jinja deleted file mode 100644 index f7e3d4f34..000000000 --- a/salt/grafana/panels/swap_usage_guage.json.jinja +++ /dev/null @@ -1,115 +0,0 @@ -{ - "id": 61863, - "gridPos": { - "x": {{ PANELS.swap_usage_guage.gridPos.x }}, - "y": {{ PANELS.swap_usage_guage.gridPos.y }}, - "w": {{ PANELS.swap_usage_guage.gridPos.w }}, - "h": {{ PANELS.swap_usage_guage.gridPos.h }} - }, - "type": "gauge", - "title": "Swap usage", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "links": [], - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgba(50, 172, 45, 0.97)", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 50 - }, - { - "color": "rgba(245, 54, 54, 0.9)", - "value": 70 - } - ] - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "color": { - "mode": "thresholds" - }, - "decimals": 0, - "max": 100, - "min": 0, - "unit": "percent" - }, - "overrides": [] - }, - "interval": "30", - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "fields": "" - }, - "orientation": "horizontal", - "showThresholdLabels": false, - "showThresholdMarkers": true, - "text": {} - }, - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "swap", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ], - "orderByTime": "ASC" - } - ], - "maxDataPoints": null, - "cacheTimeout": null -} diff --git a/salt/grafana/panels/swap_usage_percent_graph.json.jinja b/salt/grafana/panels/swap_usage_percent_graph.json.jinja deleted file mode 100644 index 875107fd7..000000000 --- a/salt/grafana/panels/swap_usage_percent_graph.json.jinja +++ /dev/null @@ -1,141 +0,0 @@ -{ - "id": 69873, - "gridPos": { - "x": {{ PANELS.swap_usage_percent_graph.gridPos.x }}, - "y": {{ PANELS.swap_usage_percent_graph.gridPos.y }}, - "w": {{ PANELS.swap_usage_percent_graph.gridPos.w }}, - "h": {{ PANELS.swap_usage_percent_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Swap Usage", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "unit": "percent", - "decimals": 1 - }, - "overrides": [] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host $tag_role", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "role" - ], - "type": "tag" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "swap", - "orderByTime": "ASC", - "policy": "default", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "used_percent" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "interval": "30s", - "maxDataPoints": null -} diff --git a/salt/grafana/panels/system_uptime.json.jinja b/salt/grafana/panels/system_uptime.json.jinja deleted file mode 100644 index fc2cb69ac..000000000 --- a/salt/grafana/panels/system_uptime.json.jinja +++ /dev/null @@ -1,91 +0,0 @@ -{ - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "rgb(255, 255, 255)", - "value": null - } - ] - }, - "mappings": [], - "decimals": 2, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "x": {{ PANELS.system_uptime.gridPos.x }}, - "y": {{ PANELS.system_uptime.gridPos.y }}, - "w": {{ PANELS.system_uptime.gridPos.w }}, - "h": {{ PANELS.system_uptime.gridPos.h }} - }, - "id": 39, - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "fields": "" - }, - "orientation": "auto", - "text": {}, - "textMode": "auto", - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "system", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "uptime" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "System Uptime", - "type": "stat" -} diff --git a/salt/grafana/panels/system_uptime_graph.json.jinja b/salt/grafana/panels/system_uptime_graph.json.jinja deleted file mode 100644 index bf26b520f..000000000 --- a/salt/grafana/panels/system_uptime_graph.json.jinja +++ /dev/null @@ -1,148 +0,0 @@ -{ - "type": "graph", - "title": "System Uptime", - "gridPos": { - "x": {{ PANELS.system_uptime_graph.gridPos.x }}, - "y": {{ PANELS.system_uptime_graph.gridPos.y }}, - "w": {{ PANELS.system_uptime_graph.gridPos.w }}, - "h": {{ PANELS.system_uptime_graph.gridPos.h }} - }, - "id": 69016, - "targets": [ - { - "refId": "A", - "queryType": "randomWalk", - "policy": "default", - "resultFormat": "time_series", - "orderByTime": "ASC", - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ], - "groupBy": [ - { - "type": "time", - "params": [ - "$__interval" - ] - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "type": "tag", - "params": [ - "role" - ] - }, - { - "type": "fill", - "params": [ - "null" - ] - } - ], - "select": [ - [ - { - "type": "field", - "params": [ - "uptime" - ] - }, - { - "type": "last", - "params": [] - } - ] - ], - "measurement": "system", - "alias": "$tag_host $tag_role" - } - ], - "options": { - "alertThreshold": true - }, - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "pluginVersion": "7.5.4", - "renderer": "flot", - "yaxes": [ - { - "label": "", - "show": true, - "logBase": 1, - "min": "0", - "max": "604800", - "format": "s", - "$$hashKey": "object:213", - "decimals": 1 - }, - { - "label": null, - "show": true, - "logBase": 1, - "min": null, - "max": null, - "format": "short", - "$$hashKey": "object:214" - } - ], - "xaxis": { - "show": true, - "mode": "time", - "name": null, - "values": [], - "buckets": null - }, - "yaxis": { - "align": false, - "alignLevel": null - }, - "lines": true, - "linewidth": 1, - "dashLength": 10, - "spaceLength": 10, - "pointradius": 2, - "legend": { - "show": true, - "values": true, - "min": false, - "max": false, - "current": true, - "total": false, - "avg": false, - "alignAsTable": true, - "rightSide": true - }, - "nullPointMode": "connected", - "tooltip": { - "value_type": "individual", - "shared": true, - "sort": 1 - }, - "aliasColors": {}, - "seriesOverrides": [], - "thresholds": [], - "timeRegions": [], - "fill": 0, - "fillGradient": 0, - "dashes": false, - "hiddenSeries": false, - "points": false, - "bars": false, - "stack": false, - "percentage": false, - "steppedLine": false, - "decimals": 1, - "description": "" -} diff --git a/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja b/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja deleted file mode 100644 index ad4ff2805..000000000 --- a/salt/grafana/panels/uptime_docker_combined_current_graph.json.jinja +++ /dev/null @@ -1,168 +0,0 @@ -{ - "aliasColors": {}, - "dashLength": 10, - "datasource": "InfluxDB", - "decimals": 1, - "fieldConfig": { - "defaults": {}, - "overrides": [] - }, - "gridPos": { - "x": {{ PANELS.uptime_docker_combined_current_graph.gridPos.x }}, - "y": {{ PANELS.uptime_docker_combined_current_graph.gridPos.y }}, - "w": {{ PANELS.uptime_docker_combined_current_graph.gridPos.w }}, - "h": {{ PANELS.uptime_docker_combined_current_graph.gridPos.h }} - }, - "id": 68896, - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": false, - "total": false, - "values": true - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "pluginVersion": "7.5.4", - "pointradius": 2, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "targets": [ - { - "alias": "$tag_host $tag_role $tag_container_name", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "container_name" - ], - "type": "tag" - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "type": "tag", - "params": [ - "role" - ] - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_status", - "orderByTime": "ASC", - "policy": "default", - "query": "SELECT last(\"uptime_ns\") FROM \"docker_container_status\" WHERE (\"host\" =~ /^$servername$/ AND \"container_name\" =~ /^$containers$/) AND $timeFilter GROUP BY time($__interval), \"container_name\", \"host\", \"role\" fill(null)", - "queryType": "randomWalk", - "rawQuery": false, - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "uptime_ns" - ] - }, - { - "type": "last", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=~", - "value": "/^$containers$/" - } - ], - "slimit": "", - "limit": "" - } - ], - "thresholds": [], - "timeRegions": [], - "title": "Container Uptime Current", - "tooltip": { - "shared": true, - "sort": 1, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:192", - "format": "ns", - "label": null, - "logBase": 1, - "max": "604800000000000", - "min": "0", - "show": true, - "decimals": 1 - }, - { - "$$hashKey": "object:193", - "decimals": 2, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - }, - "bars": false, - "dashes": false, - "fill": 0, - "fillGradient": 0, - "hiddenSeries": false, - "percentage": false, - "points": false, - "stack": false, - "steppedLine": false, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/uptime_docker_combined_trend_graph.json.jinja b/salt/grafana/panels/uptime_docker_combined_trend_graph.json.jinja deleted file mode 100644 index a4be68137..000000000 --- a/salt/grafana/panels/uptime_docker_combined_trend_graph.json.jinja +++ /dev/null @@ -1,165 +0,0 @@ -{ - "id": 68999, - "gridPos": { - "x": {{ PANELS.uptime_docker_combined_trend_graph.gridPos.x }}, - "y": {{ PANELS.uptime_docker_combined_trend_graph.gridPos.y }}, - "w": {{ PANELS.uptime_docker_combined_trend_graph.gridPos.w }}, - "h": {{ PANELS.uptime_docker_combined_trend_graph.gridPos.h }} - }, - "type": "graph", - "title": "Container Uptime Trend", - "datasource": "InfluxDB", - "thresholds": [ - { - "$$hashKey": "object:1299", - "colorMode": "critical", - "fill": false, - "line": true, - "op": "lt", - "value": 4500000000000, - "yaxis": "left" - } - ], - "pluginVersion": "8.2.1", - "legend": { - "alignAsTable": true, - "avg": false, - "current": true, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "sort": "current", - "sortDesc": false, - "total": false, - "values": true - }, - "aliasColors": {}, - "dashLength": 10, - "decimals": 1, - "lines": true, - "linewidth": 1, - "nullPointMode": "connected", - "options": { - "alertThreshold": true - }, - "pointradius": 2, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "targets": [ - { - "alias": "$tag_host: $tag_container_name", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "container_name" - ], - "type": "tag" - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "docker_container_status", - "orderByTime": "ASC", - "policy": "so_long_term", - "queryType": "randomWalk", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "type": "field", - "params": [ - "mean_uptime_ns" - ] - }, - { - "type": "last", - "params": [] - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - }, - { - "condition": "AND", - "key": "container_name", - "operator": "=~", - "value": "/^$containers$/" - } - ] - } - ], - "timeRegions": [], - "tooltip": { - "shared": true, - "sort": 1, - "value_type": "individual" - }, - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "$$hashKey": "object:192", - "format": "ns", - "label": null, - "logBase": 1, - "max": "604800000000000", - "min": null, - "show": true, - "decimals": 1 - }, - { - "$$hashKey": "object:193", - "decimals": 2, - "format": "short", - "label": "", - "logBase": 1, - "max": null, - "min": "0", - "show": false - } - ], - "yaxis": { - "align": false, - "alignLevel": null - }, - "interval": "30s", - "bars": false, - "dashes": false, - "fill": 0, - "fillGradient": 0, - "hiddenSeries": false, - "percentage": false, - "points": false, - "stack": false, - "steppedLine": false, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/zeek_capture_loss_graph.json.jinja b/salt/grafana/panels/zeek_capture_loss_graph.json.jinja deleted file mode 100644 index 53adcd7fa..000000000 --- a/salt/grafana/panels/zeek_capture_loss_graph.json.jinja +++ /dev/null @@ -1,203 +0,0 @@ -{ - "id": 71, - "gridPos": { - "x": {{ PANELS.zeek_capture_loss_graph.gridPos.x }}, - "y": {{ PANELS.zeek_capture_loss_graph.gridPos.y }}, - "w": {{ PANELS.zeek_capture_loss_graph.gridPos.w }}, - "h": {{ PANELS.zeek_capture_loss_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Capture Loss", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 10, - "gradientMode": "none", - "spanNulls": true, - "showPoints": "auto", - "pointSize": 6, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "mappings": [], - "links": [], - "unit": "percent", - "decimals": 1, - "min": 0 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/Trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "$tag_host: Loss Current", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "type": "tag", - "params": [ - "host" - ] - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekcaptureloss", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "loss" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ] - }, - { - "alias": "$tag_host: Loss Trend", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "hide": true, - "measurement": "zeekcaptureloss", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_loss" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ] - } - ], - "maxDataPoints": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja b/salt/grafana/panels/zeek_packet_loss_graph.json.jinja deleted file mode 100644 index 7d2c8ae2b..000000000 --- a/salt/grafana/panels/zeek_packet_loss_graph.json.jinja +++ /dev/null @@ -1,244 +0,0 @@ -{ - "id": 2022, - "gridPos": { - "x": {{ PANELS.zeek_packet_loss_graph.gridPos.x }}, - "y": {{ PANELS.zeek_packet_loss_graph.gridPos.y }}, - "w": {{ PANELS.zeek_packet_loss_graph.gridPos.w }}, - "h": {{ PANELS.zeek_packet_loss_graph.gridPos.h }} - }, - "type": "timeseries", - "title": "Zeek Packet Loss", - "datasource": "InfluxDB", - "pluginVersion": "8.2.1", - "interval": "30s", - "links": [], - "fieldConfig": { - "defaults": { - "custom": { - "drawStyle": "line", - "lineInterpolation": "linear", - "barAlignment": 0, - "lineWidth": 1, - "fillOpacity": 0, - "gradientMode": "none", - "spanNulls": false, - "showPoints": "never", - "pointSize": 5, - "stacking": { - "mode": "none", - "group": "A" - }, - "axisPlacement": "auto", - "axisLabel": "", - "scaleDistribution": { - "type": "linear" - }, - "hideFrom": { - "tooltip": false, - "viz": false, - "legend": false - }, - "thresholdsStyle": { - "mode": "off" - }, - "lineStyle": { - "fill": "solid" - } - }, - "color": { - "mode": "palette-classic" - }, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "value": null, - "color": "green" - }, - { - "value": 80, - "color": "red" - } - ] - }, - "mappings": [], - "links": [], - "unit": "percent", - "min": 0, - "decimals": 1 - }, - "overrides": [ - { - "matcher": { - "id": "byRegexp", - "options": "/Trend/" - }, - "properties": [ - { - "id": "custom.fillOpacity", - "value": 0 - }, - { - "id": "custom.lineWidth", - "value": 4 - }, - { - "id": "custom.lineStyle", - "value": { - "fill": "dash", - "dash": [ - 4, - 10 - ] - } - } - ] - } - ] - }, - "options": { - "tooltip": { - "mode": "single" - }, - "legend": { - "displayMode": "table", - "placement": "right", - "calcs": [ - "max", - "mean", - "lastNotNull" - ] - } - }, - "targets": [ - { - "alias": "Current $tag_host $tag_role", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "role" - ], - "type": "tag" - }, - { - "params": [ - "none" - ], - "type": "fill" - } - ], - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ] - }, - { - "alias": "Trend $tag_host $tag_role", - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "host" - ], - "type": "tag" - }, - { - "params": [ - "role" - ], - "type": "tag" - }, - { - "params": [ - "none" - ], - "type": "fill" - } - ], - "hide": {{ PANELS.zeek_packet_loss_graph.get('hideTrend', false)|json }}, - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "so_long_term", - "refId": "B", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "mean_drop" - ], - "type": "field" - }, - { - "params": [], - "type": "mean" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=~", - "value": "/^$servername$/" - } - ] - } - ], - "maxDataPoints": null, - "cacheTimeout": null, - "timeFrom": null, - "timeShift": null -} diff --git a/salt/grafana/panels/zeek_packet_loss_stat.json.jinja b/salt/grafana/panels/zeek_packet_loss_stat.json.jinja deleted file mode 100644 index 9d43f5a76..000000000 --- a/salt/grafana/panels/zeek_packet_loss_stat.json.jinja +++ /dev/null @@ -1,120 +0,0 @@ -{ - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "dark-green", - "value": null - }, - { - "color": "rgba(237, 129, 40, 0.89)", - "value": 1 - }, - { - "color": "dark-red", - "value": 5 - } - ] - }, - "mappings": [ - { - "op": "=", - "text": "N/A", - "value": "null", - "$$hashKey": "object:818", - "id": 0, - "type": 1 - } - ], - "unit": "percent", - "decimals": 2, - "color": { - "mode": "thresholds" - } - }, - "overrides": [] - }, - "gridPos": { - "x": {{ PANELS.zeek_packet_loss_stat.gridPos.x }}, - "y": {{ PANELS.zeek_packet_loss_stat.gridPos.y }}, - "w": {{ PANELS.zeek_packet_loss_stat.gridPos.w }}, - "h": {{ PANELS.zeek_packet_loss_stat.gridPos.h }} - }, - "id": 2123, - "links": [], - "maxDataPoints": 100, - "targets": [ - { - "dsType": "influxdb", - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "zeekdrop", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "drop" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - }, - { - "params": [ - "* 100" - ], - "type": "math" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "title": "Zeek Packet Loss", - "type": "stat", - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "lastNotNull" - ], - "fields": "" - }, - "orientation": "horizontal", - "text": {}, - "textMode": "value", - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto" - }, - "pluginVersion": "7.5.4", - "cacheTimeout": null, - "interval": null -} diff --git a/salt/grafana/panels/zeek_restarts_healthcheck_stat.json.jinja b/salt/grafana/panels/zeek_restarts_healthcheck_stat.json.jinja deleted file mode 100644 index 85dda1154..000000000 --- a/salt/grafana/panels/zeek_restarts_healthcheck_stat.json.jinja +++ /dev/null @@ -1,93 +0,0 @@ -{ - "datasource": "InfluxDB", - "fieldConfig": { - "defaults": { - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 1 - } - ] - }, - "mappings": [] - }, - "overrides": [] - }, - "gridPos": { - "x": {{ PANELS.zeek_restarts_healthcheck_stat.gridPos.x }}, - "y": {{ PANELS.zeek_restarts_healthcheck_stat.gridPos.y }}, - "w": {{ PANELS.zeek_restarts_healthcheck_stat.gridPos.w }}, - "h": {{ PANELS.zeek_restarts_healthcheck_stat.gridPos.h }} - }, - "id": 37, - "options": { - "reduceOptions": { - "values": false, - "calcs": [ - "sum" - ], - "fields": "" - }, - "orientation": "auto", - "text": {}, - "textMode": "auto", - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto" - }, - "pluginVersion": "7.5.4", - "targets": [ - { - "groupBy": [ - { - "params": [ - "$__interval" - ], - "type": "time" - }, - { - "params": [ - "null" - ], - "type": "fill" - } - ], - "measurement": "healthcheck", - "orderByTime": "ASC", - "policy": "default", - "refId": "A", - "resultFormat": "time_series", - "select": [ - [ - { - "params": [ - "zeek_restart" - ], - "type": "field" - }, - { - "params": [], - "type": "last" - } - ] - ], - "tags": [ - { - "key": "host", - "operator": "=", - "value": "$servername" - } - ] - } - ], - "timeFrom": null, - "timeShift": null, - "title": "Zeek Restarts via Healthcheck", - "type": "stat" -} diff --git a/salt/grafana/soc_grafana.yaml b/salt/grafana/soc_grafana.yaml deleted file mode 100644 index a1b056544..000000000 --- a/salt/grafana/soc_grafana.yaml +++ /dev/null @@ -1,49 +0,0 @@ -grafana: - config: - smtp: - enabled: - description: Enable the sending of emails from Grafana. - global: True - helpLink: grafana.html - host: - description: Hostname of the SMTP server. - global: True - helpLink: grafana.html - user: - description: Username for the SMTP server. - global: True - helpLink: grafana.html - password: - description: Password for the SMTP server. - global: True - sensitive: True - helpLink: grafana.html - cert_file: - description: Location of cert file for the SMTP server. - global: True - helpLink: grafana.html - key_file: - description: Location of key file for the SMTP server. - global: True - helpLink: grafana.html - skip_verify: - description: Verify SSL certificates. - global: True - helpLink: grafana.html - from_address: - description: The email address you would like in the From field. - global: True - helpLink: grafana.html - from_name: - description: The name displayed for the From email address. - global: True - helpLink: grafana.html - ehlo_identity: - description: Used for servers with SMTP service extensions. - global: True - helpLink: grafana.html - enterprise: - license_path: - description: Path to enterprise license key. - global: True - helpLink: grafana.html diff --git a/salt/grafana/templates/cluster_name.json b/salt/grafana/templates/cluster_name.json deleted file mode 100644 index bf6dbfb3f..000000000 --- a/salt/grafana/templates/cluster_name.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "allValue": null, - "current": { - "selected": true, - "tags": [], - "text": [{{ TEMPLATES.cluster_name.get('text', DASHBOARD)| json }}], - "value": [{{ TEMPLATES.cluster_name.get('value', DASHBOARD)| json }}] - }, - "datasource": "InfluxDB", - "definition": "show tag values with key=\"cluster_name\"", - "description": null, - "error": null, - "hide": {{ TEMPLATES.cluster_name.get('hide', 0)| json }}, - "includeAll": {{ TEMPLATES.cluster_name.get('includeAll', true)| json }}, - "label": "Cluster Name", - "multi": {{ TEMPLATES.cluster_name.get('multi', true)| json }}, - "name": "cluster_name", - "options": [], - "query": "show tag values with key=\"cluster_name\"", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "type": "query" -} diff --git a/salt/grafana/templates/containers.json b/salt/grafana/templates/containers.json deleted file mode 100644 index 955c5c8e3..000000000 --- a/salt/grafana/templates/containers.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "allValue": null, - "current": { - "selected": true, - "tags": [], - "text": [], - "value": [] - }, - "datasource": "InfluxDB", - "definition": "SHOW TAG VALUES ON telegraf WITH KEY = container_name WHERE (_name = 'docker_container_cpu') AND ((host =~ /^$servername$/) AND (_tagKey = 'container_name'))", - "description": null, - "error": null, - "hide": 0, - "includeAll": true, - "label": "Docker Containers", - "multi": true, - "name": "containers", - "options": [], - "query": "SHOW TAG VALUES ON telegraf WITH KEY = container_name WHERE (_name = 'docker_container_cpu') AND ((host =~ /^$servername$/) AND (_tagKey = 'container_name'))", - "refresh": 1, - "regex": "/so-*/", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } diff --git a/salt/grafana/templates/cpucount.json b/salt/grafana/templates/cpucount.json deleted file mode 100644 index c41889565..000000000 --- a/salt/grafana/templates/cpucount.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "allValue": null, - "current": {}, - "datasource": "InfluxDB", - "definition": "SELECT last(\"n_cpus\") FROM \"system\" WHERE \"host\" =~ /^$servername$/", - "description": null, - "error": null, - "hide": 2, - "includeAll": false, - "label": "CPU Count", - "multi": false, - "name": "cpucount", - "options": [], - "query": "SELECT last(\"n_cpus\") FROM \"system\" WHERE \"host\" =~ /^$servername$/", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } diff --git a/salt/grafana/templates/disk.json b/salt/grafana/templates/disk.json deleted file mode 100644 index ac1b190af..000000000 --- a/salt/grafana/templates/disk.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "allValue": null, - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": "InfluxDB", - "definition": "", - "description": null, - "error": null, - "hide": 0, - "includeAll": true, - "label": "Disk", - "multi": true, - "name": "disk", - "options": [], - "query": "SHOW TAG VALUES ON telegraf FROM \"diskio\" WITH KEY = \"name\" WHERE host =~ /$servername/", - "refresh": 1, - "regex": "[a-z]d[\\D]$|nvme[\\d]n[\\d]$", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": null, - "tags": [], - "tagsQuery": null, - "type": "query", - "useTags": false -} - - - - - - - - - - - diff --git a/salt/grafana/templates/manint.json b/salt/grafana/templates/manint.json deleted file mode 100644 index 22015d274..000000000 --- a/salt/grafana/templates/manint.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "allValue": null, - "current": { - "selected": true, - "tags": [], - "text": [], - "value": [] - }, - "datasource": "InfluxDB", - "definition": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" =~ /^$servername$/)", - "description": null, - "error": null, - "hide": 2, - "includeAll": true, - "label": "Management Interface", - "multi": true, - "name": "manint", - "options": [], - "query": "SELECT \"manint\" FROM \"node_config\" WHERE (\"host\" =~ /^$servername$/)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } diff --git a/salt/grafana/templates/monint.json b/salt/grafana/templates/monint.json deleted file mode 100644 index 417ea8e62..000000000 --- a/salt/grafana/templates/monint.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "allValue": null, - "current": { - "selected": true, - "tags": [], - "text": [], - "value": [] - }, - "datasource": "InfluxDB", - "definition": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" =~ /^$servername$/)", - "description": null, - "error": null, - "hide": 2, - "includeAll": true, - "label": "Monitor Interface", - "multi": true, - "name": "monint", - "options": [], - "query": "SELECT \"monint\" FROM \"node_config\" WHERE (\"host\" =~ /^$servername$/)", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } diff --git a/salt/grafana/templates/role.json b/salt/grafana/templates/role.json deleted file mode 100644 index de51ff5d2..000000000 --- a/salt/grafana/templates/role.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "allValue": null, - "current": { - "selected": true, - "tags": [], - "text": [{{ TEMPLATES.role.get('text', DASHBOARD)| json }}], - "value": [{{ TEMPLATES.role.get('value', DASHBOARD)| json }}] - }, - "datasource": "InfluxDB", - "definition": "show tag values with key=\"role\"", - "description": null, - "error": null, - "hide": {{ TEMPLATES.role.get('hide', 0)| json }}, - "includeAll": {{ TEMPLATES.role.get('includeAll', true)| json }}, - "label": "Role", - "multi": {{ TEMPLATES.role.get('multi', true)| json }}, - "name": "role", - "options": [], - "query": "show tag values with key=\"role\"", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false -} diff --git a/salt/grafana/templates/searchnode.json b/salt/grafana/templates/searchnode.json deleted file mode 100644 index 57365cc57..000000000 --- a/salt/grafana/templates/searchnode.json +++ /dev/null @@ -1,25 +0,0 @@ -{ - "allValue": null, - "current": { - "selected": true, - "tags": [], - "text": [{{ TEMPLATES.searchnode.get('text', DASHBOARD)| json }}], - "value": [{{ TEMPLATES.searchnode.get('value', DASHBOARD)| json }}] - }, - "datasource": "InfluxDB", - "definition": "show tag values with key=\"host\" WHERE (\"role\" =~ /search/) OR (\"role\" = 'heavynode') OR (\"role\" = 'standalone') OR (\"role\" = 'eval') ", - "description": null, - "error": null, - "hide": {{ TEMPLATES.searchnode.get('hide', 0)| json }}, - "includeAll": {{ TEMPLATES.searchnode.get('includeAll', true)| json }}, - "label": "Searchnode", - "multi": {{ TEMPLATES.searchnode.get('multi', true)| json }}, - "name": "searchnode", - "options": [], - "query": "show tag values with key=\"host\" WHERE (\"role\" =~ /search/) OR (\"role\" = 'heavynode') OR (\"role\" = 'standalone') OR (\"role\" = 'eval') ", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "type": "query" -} diff --git a/salt/grafana/templates/servername.json b/salt/grafana/templates/servername.json deleted file mode 100644 index aaa90acfc..000000000 --- a/salt/grafana/templates/servername.json +++ /dev/null @@ -1,34 +0,0 @@ -{% if DASHBOARD == 'overview' %} - {% set query = "show tag values with key=\\\"host\\\" WHERE (\\\"role\\\" =~ /^$role$/)" %} -{% else %} -{% set query = "show tag values with key=\\\"host\\\" WHERE (\\\"role\\\" = '" ~ DASHBOARD ~ "' )" %} -{% endif %} -{ - "allValue": null, - "current": { - "selected": true, - "tags": [], - "text": [{{ TEMPLATES.servername.get('text', '')| json }}], - "value": [{{ TEMPLATES.servername.get('value', '')| json }}] - }, - "datasource": "InfluxDB", - "definition": "{{ query }}", - "description": "", - "error": null, - "hide": 0, - "includeAll": true, - "label": "Node", - "multi": true, - "name": "servername", - "options": [], - "query": "{{ query }}", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - } diff --git a/salt/influxdb/config.yaml.jinja b/salt/influxdb/config.yaml.jinja new file mode 100644 index 000000000..720c4967c --- /dev/null +++ b/salt/influxdb/config.yaml.jinja @@ -0,0 +1,4 @@ +{%- import_yaml 'influxdb/defaults.yaml' as INFLUXDEFAULTS %} +{%- set INFLUXMERGED = salt['pillar.get']('influxdb:config', default=INFLUXDEFAULTS.influxdb.config, merge=true) %} + +{{ INFLUXMERGED | yaml(false) }} \ No newline at end of file diff --git a/salt/influxdb/defaults.yaml b/salt/influxdb/defaults.yaml index 299666023..72c436a41 100644 --- a/salt/influxdb/defaults.yaml +++ b/salt/influxdb/defaults.yaml @@ -1,158 +1,69 @@ influxdb: config: - meta: - dir: /var/lib/influxdb/meta - retention-autocreate: true - logging-enabled: true - data: - dir: /var/lib/influxdb/data - wal-dir: /var/lib/influxdb/wal - wal-fsync-delay: 0s - index-version: inmem - race-logging-enabled: false - query-log-enabled: true - validate-keys: false - cache-max-memory-size: 1g - cache-snapshot-memory-size: 25m - cache-snapshot-write-cold-duration: 10m - compact-full-write-cold-duration: 4h - max-concurrent-compactions: 0 - compact-throughput: 48m - compact-throughput-burst: 48m - max-index-log-file-size: 1m - max-series-per-database: 1000000 - max-values-per-tag: 100000 - tsm-use-madv-willneed: false - coordinator: - write-timeout: 10s - max-concurrent-queries: 0 - query-timeout: 0s - log-queries-after: 0s - max-select-point: 0 - max-select-series: 0 - max-select-buckets: 0 - retention: - enabled: true - check-interval: 30m - shard-precreation: - enabled: true - check-interval: 10m - advance-period: 30m - monitor: - store-enabled: true - store-database: _internal - store-interval: 10s - http: - enabled: true - flux-enabled: true - bind-address: ':8086' - auth-enabled: false - realm: InfluxDB - log-enabled: false - suppress-write-log: false - access-log-path: '' - access-log-status-filters: [] - write-tracing: false - pprof-enabled: true - debug-pprof-enabled: false - https-enabled: true - https-certificate: /etc/ssl/influxdb.crt - https-private-key: /etc/ssl/influxdb.key - shared-secret: '' - max-row-limit: 0 - max-connection-limit: 0 - unix-socket-enabled: false - bind-socket: /var/run/influxdb.sock - max-body-size: 25000000 - max-concurrent-write-limit: 0 - max-enqueued-write-limit: 0 - enqueued-write-timeout: 0 - logging: - format: auto - level: info - suppress-logo: false - subscriber: - enabled: true - http-timeout: 30s - insecure-skip-verify: false - ca-certs: '' - write-concurrency: 40 - write-buffer-size: 1000 - graphite: - enabled: false - database: graphite - retention-policy: '' - bind-address: ':2003' - protocol: tcp - consistency-level: one - batch-size: 5000 - batch-pending: 10 - batch-timeout: 1s - udp-read-buffer: 0 - separator: '.' - tags: [] - templates: [] - collectd: - enabled: false - bind-address: ':25826' - database: collectd - retention-policy: '' - typesdb: /usr/local/share/collectd - security-level: none - auth-file: /etc/collectd/auth_file - batch-size: 5000 - bath-pending: 10 - batch-timeout: 10s - read-buffer: 0 - parse-multivalue-plugin: split - opentsdb: - enabled: false - bind-address: ':4242' - database: opentsdb - retention-policy: '' - consistency-level: one - tls-enabled: false - certificate: /etc/ssl/influxdb.pem - log-point-errors: true - batch-size: 1000 - batch-pending: 5 - bath-timeout: 1s - udp: - enabled: false - bind-address: ':8089' - database: udp - retention-policy: '' - precision: '' - batch-size: 5000 - batch-pending: 10 - batch-timeout: 1s - read-buffer: 0 - continuous_queries: - enabled: true - log-enabled: true - query-stats-enabled: false - run-interval: 1s - tls: - ciphers: - - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 - - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 - - TLS_RSA_WITH_AES_128_CBC_SHA - - TLS_RSA_WITH_AES_128_CBC_SHA256 - - TLS_RSA_WITH_AES_128_GCM_SHA256 - - TLS_RSA_WITH_AES_256_CBC_SHA - - TLS_RSA_WITH_AES_256_GCM_SHA384 - min-version: tls1.2 - max-version: tls1.2 + bolt-path: /var/lib/influxdb2/influxd.bolt + engine-path: /var/lib/influxdb2/engine + feature-flags: + flux-log-enabled: false + hardening-enabled: true + http-bind-address: :8086 + http-idle-timeout: 0 + http-read-header-timeout: 10s + http-read-timeout: 0 + http-write-timeout: 0 + influxql-max-select-buckets: 0 + influxql-max-select-point: 0 + influxql-max-select-series: 0 + instance-id: + log-level: info + metrics-disabled: true + no-tasks: false + pprof-disabled: true + query-concurrency: 100 + query-initial-memory-bytes: 1073741824 + query-max-memory-bytes: 107374182400 + query-memory-bytes: 1073741824 + query-queue-size: 500 + reporting-disabled: true + secret-store: bolt + session-length: 60 + session-renew-disabled: false + sqlite-path: /var/lib/influxdb2/influxd.sqlite + storage-cache-max-memory-size: 1073741824 + storage-cache-snapshot-memory-size: 26214400 + storage-cache-snapshot-write-cold-duration: 10m0s + storage-compact-full-write-cold-duration: 4h0m0s + storage-compact-throughput-burst: 50331648 + storage-max-concurrent-compactions: 0 + storage-max-index-log-file-size: 1048576 + storage-no-validate-field-size: false + storage-retention-check-interval: 30m0s + storage-series-file-max-concurrent-snapshot-compactions: 0 + storage-series-id-set-cache-size: 100 + storage-shard-precreator-advance-period: 30m0s + storage-shard-precreator-check-interval: 10m0s + storage-tsm-use-madv-willneed: false + storage-validate-keys: false + storage-wal-fsync-delay: 0s + storage-wal-max-concurrent-writes: 0 + storage-wal-max-write-delay: 10m + storage-write-timeout: 10s + store: disk + tls-cert: /conf/influxdb.crt + tls-key: /conf/influxdb.key + tls-min-version: 1.2 + tls-strict-ciphers: true + tracing-type: log + ui-disabled: false + vault-addr: + vault-cacert: + vault-capath: + vault-client-cert: + vault-client-key: + vault-client-timeout: 60s + vault-max-retries: 2 + vault-skip-verify: false + vault-tls-server-name: + vault-token: retention_policies: so_short_term: default: True @@ -164,4 +75,4 @@ influxdb: shard_duration: 7d downsample: so_long_term: - resolution: 5m + resolution: 5m \ No newline at end of file diff --git a/salt/influxdb/etc/influxdb.conf.jinja b/salt/influxdb/etc/influxdb.conf.jinja deleted file mode 100644 index ce607292d..000000000 --- a/salt/influxdb/etc/influxdb.conf.jinja +++ /dev/null @@ -1,26 +0,0 @@ -{%- import_yaml 'influxdb/defaults.yaml' as INFLUXDEFAULTS %} -{%- set INFLUXMERGED = salt['pillar.get']('influxdb', default=INFLUXDEFAULTS.influxdb, merge=true) %} - -{%- for header in INFLUXMERGED.config.keys() %} -{%- if header in ['graphite', 'collectd', 'opentsdb', 'udp'] %} -[[{{header}}]] -{%- else %} -[{{header}}] -{%- endif %} -{%- for k, v in INFLUXMERGED.config[header].items() %} -{#- is v a list? #} -{%- if v is iterable and (v is not string and v is not mapping) %} - {{k}} = [ -{%- for li in v %} - "{{li}}", -{%- endfor %} - ] -{%- elif v is string %} - {{k}} = "{{v}}" -{%- elif v is boolean %} - {{k}} = {{v|string|lower}} -{%- else %} - {{k}} = {{v}} -{%- endif %} -{%- endfor %} -{%- endfor %} diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index 4fe625209..ae98c908b 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -3,24 +3,19 @@ {% from 'docker/docker.map.jinja' import DOCKER %} {% from 'vars/globals.map.jinja' import GLOBALS %} -{% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %} +{% set PASSWORD = salt['pillar.get']('secrets:influx_pass') %} +{% set TOKEN = salt['pillar.get']('secrets:influx_token') %} {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-eval', 'so-import'] %} -{% import_yaml 'influxdb/defaults.yaml' as default_settings %} -{% set influxdb = salt['grains.filter_by'](default_settings, default='influxdb', merge=salt['pillar.get']('influxdb', {})) %} -{% from 'salt/map.jinja' import PYTHON3INFLUX with context %} -{% from 'salt/map.jinja' import PYTHONINFLUXVERSION with context %} -{% set PYTHONINFLUXVERSIONINSTALLED = salt['cmd.run']("python3 -c \"exec('try:import influxdb; print (influxdb.__version__)\\nexcept:print(\\'Module Not Found\\')')\"", python_shell=True) %} include: - salt.minion - - salt.python3-influxdb - ssl # Influx DB influxconfdir: file.directory: - - name: /opt/so/conf/influxdb/etc + - name: /opt/so/conf/influxdb - makedirs: True influxlogdir: @@ -38,11 +33,11 @@ influxdbdir: influxdbconf: file.managed: - - name: /opt/so/conf/influxdb/etc/influxdb.conf + - name: /opt/so/conf/influxdb/config.yaml - user: 939 - group: 939 - template: jinja - - source: salt://influxdb/etc/influxdb.conf.jinja + - source: salt://influxdb/config.yaml.jinja so-influxdb: docker_container.running: @@ -52,13 +47,21 @@ so-influxdb: - sobridge: - ipv4_address: {{ DOCKER.containers['so-influxdb'].ip }} - environment: + - INFLUXD_CONFIG_PATH=/conf - INFLUXDB_HTTP_LOG_ENABLED=false + - DOCKER_INFLUXDB_INIT_MODE=setup + - DOCKER_INFLUXDB_INIT_USERNAME=so + - DOCKER_INFLUXDB_INIT_PASSWORD={{ password }} + - DOCKER_INFLUXDB_INIT_ORG="Security Onion" + - DOCKER_INFLUXDB_INIT_BUCKET=telegraf/so_short_term + - DOCKER_INFLUXDB_INIT_RETENTION=30d + - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN={{ token }} - binds: - /opt/so/log/influxdb/:/log:rw - - /opt/so/conf/influxdb/etc/influxdb.conf:/etc/influxdb/influxdb.conf:ro - - /nsm/influxdb:/var/lib/influxdb:rw - - /etc/pki/influxdb.crt:/etc/ssl/influxdb.crt:ro - - /etc/pki/influxdb.key:/etc/ssl/influxdb.key:ro + - /opt/so/conf/influxdb/config.yaml:/conf/config.yaml:ro + - /nsm/influxdb:/var/lib/influxdb2:rw + - /etc/pki/influxdb.crt:/conf/influxdb.crt:ro + - /etc/pki/influxdb.key:/conf/influxdb.key:ro - port_bindings: {% for BINDING in DOCKER.containers['so-influxdb'].port_bindings %} - {{ BINDING }} @@ -86,75 +89,6 @@ get_influxdb_size: - month: '*' - dayweek: '*' -# We have to make sure the influxdb module is the right version prior to state run since reload_modules is bugged -{% if PYTHONINFLUXVERSIONINSTALLED == PYTHONINFLUXVERSION %} -wait_for_influxdb: - http.query: - - name: 'https://{{GLOBALS.manager}}:8086/query?q=SHOW+DATABASES' - - ssl: True - - verify_ssl: False - - status: 200 - - timeout: 10 - - retry: - attempts: 20 - interval: 5 - - require: - - docker_container: so-influxdb - -telegraf_database: - influxdb_database.present: - - name: telegraf - - database: telegraf - - ssl: True - - verify_ssl: /etc/pki/ca.crt - - cert: ['/etc/pki/influxdb.crt', '/etc/pki/influxdb.key'] - - influxdb_host: {{ GLOBALS.manager }} - - require: - - docker_container: so-influxdb - - sls: salt.python3-influxdb - - http: wait_for_influxdb - -{% for rp in influxdb.retention_policies.keys() %} -{{rp}}_retention_policy: - influxdb_retention_policy.present: - - name: {{rp}} - - database: telegraf - - duration: {{influxdb.retention_policies[rp].duration}} - - shard_duration: {{influxdb.retention_policies[rp].shard_duration}} - - replication: 1 - - default: {{influxdb.retention_policies[rp].get('default', 'False')}} - - ssl: True - - verify_ssl: /etc/pki/ca.crt - - cert: ['/etc/pki/influxdb.crt', '/etc/pki/influxdb.key'] - - influxdb_host: {{ GLOBALS.manager }} - - require: - - docker_container: so-influxdb - - influxdb_database: telegraf_database - - file: influxdb_retention_policy.present_patch - - sls: salt.python3-influxdb -{% endfor %} - -{% for dest_rp in influxdb.downsample.keys() %} - {% for measurement in influxdb.downsample[dest_rp].get('measurements', []) %} -so_downsample_{{measurement}}_cq: - influxdb_continuous_query.present: - - name: so_downsample_{{measurement}}_cq - - database: telegraf - - query: SELECT mean(*) INTO "{{dest_rp}}"."{{measurement}}" FROM "{{measurement}}" GROUP BY time({{influxdb.downsample[dest_rp].resolution}}),* - - ssl: True - - verify_ssl: /etc/pki/ca.crt - - cert: ['/etc/pki/influxdb.crt', '/etc/pki/influxdb.key'] - - influxdb_host: {{ GLOBALS.manager }} - - require: - - docker_container: so-influxdb - - influxdb_database: telegraf_database - - file: influxdb_continuous_query.present_patch - {% endfor %} -{% endfor %} - -{% endif %} -{% endif %} - {% else %} {{sls}}_state_not_allowed: diff --git a/salt/influxdb/map.jinja b/salt/influxdb/map.jinja deleted file mode 100644 index a13d4c257..000000000 --- a/salt/influxdb/map.jinja +++ /dev/null @@ -1,9 +0,0 @@ -{% import_yaml 'influxdb/defaults.yaml' as INFLUXDB %} -{% set measurements = salt['cmd.shell']('docker exec -t so-influxdb influx -format json -ssl -unsafeSsl -database telegraf -execute "show measurements" 2> /root/measurement_query.log | jq -r .results[0].series[0].values[]?[0] 2>> /root/measurement_query.log', shell='/bin/bash') %} - -{% if measurements|length > 0 %} -{% do INFLUXDB.influxdb.downsample.so_long_term.update('measurements': [])%} -{% for measurement in measurements.splitlines() %} -{% do INFLUXDB.influxdb.downsample.so_long_term.measurements.append(measurement)%} -{% endfor %} -{% endif %} diff --git a/salt/influxdb/soc_influxdb.yaml b/salt/influxdb/soc_influxdb.yaml index 4ef705191..54e6df09b 100644 --- a/salt/influxdb/soc_influxdb.yaml +++ b/salt/influxdb/soc_influxdb.yaml @@ -1,362 +1,350 @@ influxdb: config: - meta: - logging-enabled: - description: Enable InfluxDB meta server logging. - global: True - helpLink: influxdb.html - data: - wal-fsync-delay: - description: The amount of time that a write will wait before fsyncing. - global: True - helpLink: influxdb.html - index-version: - description: The type of shard index to use for new shards. - global: True - helpLink: influxdb.html - trace-logging-enabled: - description: Trace logging provides more verbose output around the tsm engine. - global: True - advanced: True - helpLink: influxdb.html - query-log-enabled: - description: Whether queries should be logged before execution. - global: True - helpLink: influxdb.html - validate-keys: - description: Validates incoming writes to ensure keys only have valid unicode characters. - global: True - advanced: True - helpLink: influxdb.html - cache-max-memory-size: - description: The maximum size a shard's cache can reach before it starts rejecting writes. - global: True - helpLink: influxdb.html - cache-snapshot-memory-size: - description: The size at which the engine will snapshot the cache and write it to a TSM file, freeing up memory. - global: True - advanced: True - helpLink: influxdb.html - cache-snapshot-write-cold-duration: - description: The length of time at which the engine will snapshot the cache and write it to a new TSM file if the shard hasn't received writes or deletes. - global: True - advanced: True - helpLink: influxdb.html - compact-full-write-cold-duration: - description: The duration at which the engine will compact all TSM files in a shard if it hasn't received a write or delete. - global: True - advanced: True - helpLink: influxdb.html - max-concurrent-compactions: - description: The maximum number of concurrent full and level compactions that can run at one time. - global: True - helpLink: influxdb.html - compact-throughput: - description: The rate limit in bytes per second that we will allow TSM compactions to write to disk. - global: True - advanced: True - helpLink: influxdb.html - compact-throughput-burst: - description: The rate limit in bytes per second that we will allow TSM compactions to write to disk. - global: True - advanced: True - helpLink: influxdb.html - max-index-log-file-size: - description: The threshold, in bytes, when an index write-ahead log file will compact into an index file. - global: True - advanced: True - helpLink: influxdb.html - max-series-per-database: - description: The maximum series allowed per database before writes are dropped. - global: True - advanced: True - helpLink: influxdb.html - max-values-per-tag: - description: The maximum number of tag values per tag that are allowed before writes are dropped. - global: True - advanced: True - helpLink: influxdb.html - tsm-use-madv-willneed: - description: If true, then the mmap advise value MADV_WILLNEED will be provided to the kernel with respect to TSM files. - global: True - advanced: True - helpLink: influxdb.html - coordinator: - write-timeout: - description: The default time a write request will wait until a "timeout" error is returned to the caller. - global: True - helpLink: influxdb.html - max-concurrent-queries: - description: The maximum number of concurrent queries allowed to be executing at one time. - global: True - helpLink: influxdb.html - query-timeout: - description: The maximum time a query will is allowed to execute before being killed by the system. - global: True - helpLink: influxdb.html - log-queries-after: - description: The time threshold when a query will be logged as a slow query. - global: True - helpLink: influxdb.html - max-select-point: - description: The maximum number of points a SELECT can process. - global: True - advanced: True - helpLink: influxdb.html - max-select-series: - description: The maximum number of series a SELECT can run. - global: True - advanced: True - helpLink: influxdb.html - max-select-buckets: - description: The maxium number of group by time bucket a SELECT can create. - global: True - advanced: True - helpLink: influxdb.html - retention: - enabled: - description: Determines whether retention policy enforcement enabled. - global: True - advanced: True - helpLink: influxdb.html - check-interval: - description: The interval of time when retention policy enforcement checks run. - global: True - helpLink: influxdb.html - shard-precreation: - enabled: - description: Determines whether shard pre-creation service is enabled. - global: True - advanced: True - helpLink: influxdb.html - check-interval: - description: The interval of time when the check to pre-create new shards runs. - global: True - helpLink: influxdb.html - advance-period: - description: The default period ahead of the endtime of a shard group that its successor group is created. - global: True - advanced: True - helpLink: influxdb.html - monitor: - store-enabled: - description: Whether to record statistics internally. - global: True - helpLink: influxdb.html - store-database: - description: The destination database for recorded statistics. - global: True - advanced: True - helpLink: influxdb.html - store-interval: - description: The interval at which to record statistics. - global: True - helpLink: influxdb.html - http: - enabled: - description: Determines whether HTTP endpoint is enabled. - global: True - advanced: True - helpLink: influxdb.html - flux-enabled: - description: Determines whether the Flux query endpoint is enabled. - global: True - advanced: True - helpLink: influxdb.html - bind-address: - description: The bind address used by the HTTP service. - global: True - advanced: True - helpLink: influxdb.html - auth-enabled: - description: Determines whether user authentication is enabled over HTTP/HTTPS. - global: True - advanced: True - helpLink: influxdb.html - realm: - description: The default realm sent back when issuing a basic auth challenge. - global: True - advanced: True - helpLink: influxdb.html - log-enabled: - description: Determines whether HTTP request logging is enabled. - global: True - helpLink: influxdb.html - suppress-write-log: - description: Determines whether the HTTP write request logs should be suppressed when the log is enabled. - global: True - helpLink: influxdb.html - access-log-path: - description: Path for http access logs. - global: True - advanced: True - helpLink: influxdb.html - access-log-status-filters: - description: Filters which requests should be logged. - global: True - advanced: True - helpLink: influxdb.html - write-tracing: - description: Determines whether detailed write logging is enabled. - global: True - advanced: True - helpLink: influxdb.html - pprof-enabled: - description: Determines whether the pprof endpoint is enabled. - global: True - advanced: True - helpLink: influxdb.html - debug-pprof-enabled: - description: Determines whether the pprof endpoint is enabled in debug mode. - global: True - advanced: True - helpLink: influxdb.html - https-enabled: - description: Determines whether HTTPS is enabled. - global: True - helpLink: influxdb.html - https-certificate: - description: The SSL certificate to use when HTTPS is enabled. - global: True - advanced: True - helpLink: influxdb.html - https-private-key: - description: Use a separate private key location. - global: True - advanced: True - helpLink: influxdb.html - shared-secret: - description: The JWT auth shared secret to validate requests using JSON web tokens. - global: True - advanced: True - helpLink: influxdb.html - max-row-limit: - description: The default chunk size for result sets that should be chunked. - global: True - helpLink: influxdb.html - max-connection-limit: - description: The maximum number of HTTP connections that may be open at once. - global: True - helpLink: influxdb.html - unix-socket-enabled: - description: Enable http service over unix domain socket. - global: True - advanced: True - helpLink: influxdb.html - bind-socket: - description: The path of the unix domain socket. - global: True - advanced: True - helpLink: influxdb.html - max-body-size: - description: The maximum size of a client request body, in bytes. - global: True - helpLink: influxdb.html - max-concurrent-write-limit: - description: The maximum number of writes processed concurrently. - global: True - helpLink: influxdb.html - max-enqueued-write-limit: - description: The maximum number of writes queued for processing. - global: True - helpLink: influxdb.html - enqueued-write-timeout: - description: The maximum duration for a write to wait in the queue to be processed. - global: True - helpLink: influxdb.html - logging: - format: - description: Determines which log encoder to use for logs. - global: True - helpLink: influxdb.html - level: - description: Determines which level of logs will be emitted. - global: True - helpLink: influxdb.html - suppress-logo: - description: Suppresses the logo output that is printed when the program is started. - global: True - helpLink: influxdb.html - subscriber: - enabled: - description: Determines whether the subscriber service is enabled. - global: True - advanced: True - helpLink: influxdb.html - http-timeout: - description: The default timeout for HTTP writes to subscribers. - global: True - helpLink: influxdb.html - insecure-skip-verify: - description: Allows insecure HTTPS connections to subscribers. - global: True - advanced: True - helpLink: influxdb.html - ca-certs: - description: The path to the PEM encoded CA certs file. - global: True - advanced: True - helpLink: influxdb.html - write-concurrency: - description: he number of writer goroutines processing the write channel. - global: True - helpLink: influxdb.html - write-buffer-size: - description: The number of in-flight writes buffered in the write channel. - global: True - helpLink: influxdb.html - continuous_queries: - enabled: - description: Determines whether the continuous query service is enabled. - global: True - helpLink: influxdb.html - log-enabled: - description: Controls whether queries are logged when executed by the CQ service. - global: True - helpLink: influxdb.html - query-stats-enabled: - description: Controls whether queries are logged to the self-monitoring data store. - global: True - helpLink: influxdb.html - run-interval: - description: Interval for how often continuous queries will be checked if they need to run. - global: True - helpLink: influxdb.html - tls: - ciphers: - description: Determines the available set of cipher suites. - global: True - helpLink: influxdb.html - min-version: - description: Minimum version of the tls protocol that will be negotiated. - global: True - helpLink: influxdb.html - max-version: - description: Maximum version of the tls protocol that will be negotiated. - global: True - helpLink: influxdb.html + bolt-path: /var/lib/influxdb2/influxd.bolt + description: Path to the bolt DB file located inside the so-influxdb container. + global: True + advanced: True + helpLink: influxdb.html + engine-path: /var/lib/influxdb2/engine + description: Path to the engine directory located inside the so-influxdb container. This directory stores the time series data. + global: True + advanced: True + helpLink: influxdb.html + feature-flags: + description: List of key=value flags to enable. + global: True + advanced: True + helpLink: influxdb.html + flux-log-enabled: false + description: Controls whether detailed flux query logging is enabled. + global: True + advanced: True + helpLink: influxdb.html + hardening-enabled: true + description: If true, enforces outbound connections from the InfluxDB process must never attempt to reach an internal, private network address. + global: True + advanced: True + helpLink: influxdb.html + http-bind-address: :8086 + description: The URL and port on which InfluxDB will listen for new connections. + global: True + advanced: True + helpLink: influxdb.html + http-idle-timeout: 0 + description: Keep-alive timeout while a connection waits for new requests. A value of 0 is the same as no timeout enforced. + global: True + advanced: True + helpLink: influxdb.html + http-read-header-timeout: 10s + description: The duration to wait for a request header before closing the connection. A value of 0 is the same as no timeout enforced. + global: True + advanced: True + helpLink: influxdb.html + http-read-timeout: 0 + description: The duration to wait for the request to be fully read before closing the connection. A value of 0 is the same as no timeout enforced. + global: True + advanced: True + helpLink: influxdb.html + http-write-timeout: 0 + description: The duration to wait for the response to be fully written before closing the connection. A value of 0 is the same as no timeout enforced. + global: True + advanced: True + helpLink: influxdb.html + influxql-max-select-buckets: 0 + description: Maximum number of group-by clauses in a SELECT statement. A value of 0 is the same as unlimited. + global: True + advanced: True + helpLink: influxdb.html + influxql-max-select-point: 0 + description: Maximum number of points that can be queried in a SELECT statement. A value of 0 is the same as unlimited. + global: True + advanced: True + helpLink: influxdb.html + influxql-max-select-series: 0 + description: Maximum number of series that can be returned in a SELECT statement. A value of 0 is the same as unlimited. + global: True + advanced: True + helpLink: influxdb.html + instance-id: + description: Unique instance ID for this server, to avoid collisions in a replicated cluster. + global: True + advanced: True + helpLink: influxdb.html + log-level: info + description: The log level to use for outputting log statements. Allowed values are debug, info, or error. + global: True + advanced: false + regex: ^(info|debug|error)$ + helpLink: influxdb.html + metrics-disabled: true + description: If true, the HTTP endpoint that exposes internal InfluxDB metrics will be inaccessible. + global: True + advanced: True + helpLink: influxdb.html + no-tasks: false + description: If true, the task system will not process any queued tasks. Useful for troubleshooting startup problems. + global: True + advanced: True + helpLink: influxdb.html + pprof-disabled: true + description: If true, the profiling data HTTP endpoint will be inaccessible. + global: True + advanced: True + helpLink: influxdb.html + query-concurrency: 100 + description: Maximum number of queries to execute concurrently. A value of 0 is the same as unlimited. + global: True + advanced: True + helpLink: influxdb.html + query-initial-memory-bytes: 1073741824 + description: The initial number of bytes of memory to allocate for a new query. + global: True + advanced: True + helpLink: influxdb.html + query-max-memory-bytes: 107374182400 + description: The number of bytes of memory to allocate to all running queries. Should typically be the query bytes times the max concurrent queries. + global: True + advanced: True + helpLink: influxdb.html + query-memory-bytes: 1073741824 + description: Maximum number of bytes of memory to allocate to a query. + global: True + advanced: True + helpLink: influxdb.html + query-queue-size: 500 + description: Maximum number of queries that can be queued at one time. If this value is reached, new queries will not be queued. A value of 0 is the same as unlimited. + global: True + advanced: True + helpLink: influxdb.html + reporting-disabled: true + description: If true, prevents InfluxDB from sending telemetry updates to InfluxData's servers. + global: True + advanced: True + helpLink: influxdb.html + secret-store: bolt + description: Determines the type of storage used for secrets. Allowed values are bolt or vault. + global: True + advanced: True + regex: ^(bolt|vault)$ + helpLink: influxdb.html + session-length: 60 + description: Number of minutes that a user login session can remain authenticated. + global: True + advanced: True + helpLink: influxdb.html + session-renew-disabled: false + description: If true, user login sessions will renew after each request. + global: True + advanced: True + helpLink: influxdb.html + sqlite-path: /var/lib/influxdb2/influxd.sqlite + description: Path to the Sqlite3 database inside the container. This database stored user data and other information about the database. + global: True + advanced: True + helpLink: influxdb.html + storage-cache-max-memory-size: 1073741824 + description: Maximum number of bytes to allocate to cache data per shard. If exceeded, new data writes will be rejected. + global: True + advanced: True + helpLink: influxdb.html + storage-cache-snapshot-memory-size: 26214400 + description: Number of bytes to allocate to cache snapshot data. When the cache reaches this size, it will be written to disk to increase available memory. + global: True + advanced: True + helpLink: influxdb.html + storage-cache-snapshot-write-cold-duration: 10m0s + description: Duration between snapshot writes to disk when the shard data hasn't been modified. + global: True + advanced: True + helpLink: influxdb.html + storage-compact-full-write-cold-duration: 4h0m0s + description: Duration between shard compactions when the shard data hasn't been modified. + global: True + advanced: True + helpLink: influxdb.html + storage-compact-throughput-burst: 50331648 + description: Maximum throughput (number of bytes per second) that compactions be written to disk. + global: True + advanced: True + helpLink: influxdb.html + storage-max-concurrent-compactions: 0 + description: Maximum number of concurrent compactions. A value of 0 is the same as half the available CPU processors (procs). + global: True + advanced: True + helpLink: influxdb.html + storage-max-index-log-file-size: 1048576 + description: Maximum number of bytes of a write-ahead log (WAL) file before it will be compacted into an index on disk. + global: True + advanced: True + helpLink: influxdb.html + storage-no-validate-field-size: false + description: If true, incoming requests will skip the field size validation. + global: True + advanced: True + helpLink: influxdb.html + storage-retention-check-interval: 30m0s + description: Interval between reviewing each bucket's retention policy and the age of the associated data. + global: True + advanced: True + helpLink: influxdb.html + storage-series-file-max-concurrent-snapshot-compactions: 0 + description: Maximum number of concurrent snapshot compactions across all database partitions. + global: True + advanced: True + helpLink: influxdb.html + storage-series-id-set-cache-size: 100 + description: Maximum size of the series cache results. Higher values may increase performance for repeated data lookups. + global: True + advanced: True + helpLink: influxdb.html + storage-shard-precreator-advance-period: 30m0s + description: The duration before a successor shard group is created after the end-time has been reached. + global: True + advanced: True + helpLink: influxdb.html + storage-shard-precreator-check-interval: 10m0s + description: Interval between checking if new shards should be created. + global: True + advanced: True + helpLink: influxdb.html + storage-tsm-use-madv-willneed: false + description: If true, InfluxDB will manage TSM memory paging. + global: True + advanced: True + helpLink: influxdb.html + storage-validate-keys: false + description: If true, validates incoming requests for supported characters. + global: True + advanced: True + helpLink: influxdb.html + storage-wal-fsync-delay: 0s + description: Duration to wait before calling fsync. Useful for handling conflicts on slower disks. + global: True + advanced: True + helpLink: influxdb.html + storage-wal-max-concurrent-writes: 0 + description: Maximum number of concurrent write-ahead log (WAL) writes to disk. The value of 0 is the same as CPU processors (procs) x 2. + global: True + advanced: True + helpLink: influxdb.html + storage-wal-max-write-delay: 10m + description: Maximum duration to wait before writing the write-ahead log (WAL) to disk, when the concurrency limit has been exceeded. A value of 0 is the same as no timeout. + global: True + advanced: True + helpLink: influxdb.html + storage-write-timeout: 10s + description: Maximum time to wait for a write-ahead log (WAL) to write to disk before aborting. + global: True + advanced: True + helpLink: influxdb.html + store: disk + description: The type of data store to use for HTTP resources. Allowed values are disk or memory. Memory should not be used for production Security Onion installations. + global: True + advanced: True + regex: ^(disk|memory)$ + helpLink: influxdb.html + tls-cert: /conf/influxdb.crt + description: The container path to the certificate to use for TLS encryption of the HTTP requests and responses. + global: True + advanced: True + helpLink: influxdb.html + tls-key: /conf/influxdb.key + description: The container path to the certificate key to use for TLS encryption of the HTTP requests and responses. + global: True + advanced: True + helpLink: influxdb.html + tls-min-version: 1.2 + description: The minimum supported version of TLS to be enforced on all incoming HTTP requests. + global: True + advanced: True + helpLink: influxdb.html + tls-strict-ciphers: true + description: If true, the allowed ciphers used with TLS connections are ECDHE_RSA_WITH_AES_256_GCM_SHA384, ECDHE_RSA_WITH_AES_256_CBC_SHA, RSA_WITH_AES_256_GCM_SHA384, or RSA_WITH_AES_256_CBC_SHA. + global: True + advanced: True + helpLink: influxdb.html + tracing-type: log + description: The tracing format for debugging purposes. Allowed values are log or jaeger, or leave blank to disable tracing. + global: True + advanced: True + helpLink: influxdb.html + ui-disabled: false + description: If true, the InfluxDB HTTP user interface will be disabled. This will prevent use of the included InfluxDB dashboard visualizations. + global: True + advanced: True + helpLink: influxdb.html + vault-addr: + description: Vault server address. + global: True + advanced: True + helpLink: influxdb.html + vault-cacert: + description: Path to the Vault's single certificate authority certificate file within the container. + global: True + advanced: True + helpLink: influxdb.html + vault-capath: + description: Path to the Vault's certificate authority directory within the container. + global: True + advanced: True + helpLink: influxdb.html + vault-client-cert: + description: Vault client certificate path within the container. + global: True + advanced: True + helpLink: influxdb.html + vault-client-key: + description: Vault client certificate key path within the container. + global: True + advanced: True + helpLink: influxdb.html + vault-client-timeout: 60s + description: Duration to wait for a response from the Vault server before aborting. + global: True + advanced: True + helpLink: influxdb.html + vault-max-retries: 2 + description: Maximum number of retries when attempting to contact the Vault server. A value of 0 is the same as disabling retries. + global: True + advanced: True + helpLink: influxdb.html + vault-skip-verify: false + description: Skip certification validation of the Vault server. + global: True + advanced: True + helpLink: influxdb.html + vault-tls-server-name: + description: SNI host to specify when using TLS to connect to the Vault server. + global: True + advanced: True + helpLink: influxdb.html + vault-token: + description: Vault token used for authentication. + global: True + advanced: True + helpLink: influxdb.html retention_policies: so_short_term: duration: description: Amount of time to keep short term data. global: True - helpLink: grafana.html#data + helpLink: influxdb.html shard_duration: description: Time range global: True - helpLink: grafana.html#data + helpLink: influxdb.html so_long_term: duration: description: Amount of time to keep long term downsampled data. global: True - helpLink: grafana.html#data + helpLink: influxdb.html shard_duration: description: Amount of the time range covered by the shard group. global: True - helpLink: grafana.html#data + helpLink: influxdb.html downsample: so_long_term: resolution: description: Amount of time to turn into a single data point. global: True - helpLink: grafana.html#data \ No newline at end of file + helpLink: influxdb.html \ No newline at end of file diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index d09325f0e..52d3613a3 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -1,5 +1,9 @@ {%- from 'vars/globals.map.jinja' import GLOBALS %} {%- set role = grains.id.split('_') | last %} + +{%- set influxpass = salt['pillar.get']('secrets:influx_pass') %} +{%- set influxauth = 'so:' + influxpass | base64 %} + worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; @@ -179,13 +183,14 @@ http { autoindex_localtime on; } - location /grafana/ { + location /influxdb/ { auth_request /auth/sessions/whoami; - rewrite /grafana/(.*) /$1 break; - proxy_pass http://{{ GLOBALS.manager_ip }}:3000/; + rewrite /influxdb/(.*) /$1 break; + proxy_pass http://{{ GLOBALS.manager_ip }}:8086/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; + proxy_set_header Authorization "Basic {{ influxauth }}"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml index d340b1f68..b83b94493 100644 --- a/salt/soc/defaults.yaml +++ b/salt/soc/defaults.yaml @@ -1076,11 +1076,11 @@ soc: icon: fa-external-link-alt target: so-osquery-manager link: /kibana/app/osquery/live_queries - - name: toolGrafana - description: toolGrafanaHelp + - name: toolInfluxDb + description: toolInfluxDbHelp icon: fa-external-link-alt - target: so-grafana - link: /grafana/d/so_overview + target: so-influxdb + link: /influxdb - name: toolCyberchef description: toolCyberchefHelp icon: fa-external-link-alt diff --git a/salt/soc/merged.map.jinja b/salt/soc/merged.map.jinja index 1944aab41..4ae7ce38e 100644 --- a/salt/soc/merged.map.jinja +++ b/salt/soc/merged.map.jinja @@ -27,11 +27,6 @@ {% do SOCMERGED.server.client.inactiveTools.append('toolFleet') %} -{% if pillar.manager.grafana == 0 %} -{% do SOCMERGED.server.client.inactiveTools.append('toolGrafana') %} -{% endif %} - - {% set standard_actions = SOCMERGED.pop('actions') %} {% if pillar.global.endgamehost is defined %} {% set endgame_dict = { diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index df5e78f32..e5574e7d1 100644 --- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -53,7 +53,7 @@ tgrafconf: TGMERGED: {{ TGMERGED }} # this file will be read by telegraf to send node details (management interface, monitor interface, etc) -# into influx so that Grafana can build dashboards using queries +# into influx node_config: file.managed: - name: /opt/so/conf/telegraf/node_config.json diff --git a/salt/top.sls b/salt/top.sls index 4b8531f4d..5745b02db 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -80,7 +80,6 @@ base: - nginx - telegraf - influxdb - - grafana - soc - kratos - firewall @@ -128,7 +127,6 @@ base: - nginx - telegraf - influxdb - - grafana - soc - kratos - firewall @@ -174,7 +172,6 @@ base: - nginx - telegraf - influxdb - - grafana - soc - kratos - firewall @@ -245,7 +242,6 @@ base: - nginx - telegraf - influxdb - - grafana - soc - kratos - firewall diff --git a/setup/automation/distributed-airgap-manager b/setup/automation/distributed-airgap-manager index ee55c5317..f9d2e7cdc 100644 --- a/setup/automation/distributed-airgap-manager +++ b/setup/automation/distributed-airgap-manager @@ -21,7 +21,6 @@ BASICSURI=2 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-airgap-search b/setup/automation/distributed-airgap-search index a3b7ffc3b..897014f3a 100644 --- a/setup/automation/distributed-airgap-search +++ b/setup/automation/distributed-airgap-search @@ -21,7 +21,6 @@ ADMINPASS2=onionuser # ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -# GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-airgap-sensor b/setup/automation/distributed-airgap-sensor index 3e6e46c6d..7f6565595 100644 --- a/setup/automation/distributed-airgap-sensor +++ b/setup/automation/distributed-airgap-sensor @@ -21,7 +21,6 @@ BNICS=eth1 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -# GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-cloud-manager b/setup/automation/distributed-cloud-manager index 721fb7e13..baaf4a11c 100644 --- a/setup/automation/distributed-cloud-manager +++ b/setup/automation/distributed-cloud-manager @@ -21,7 +21,6 @@ BASICSURI=2 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-cloud-search b/setup/automation/distributed-cloud-search index dc6c2f97f..42c6b5726 100644 --- a/setup/automation/distributed-cloud-search +++ b/setup/automation/distributed-cloud-search @@ -21,7 +21,6 @@ ADMINPASS2=onionuser #ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -#GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-cloud-sensor b/setup/automation/distributed-cloud-sensor index 56156e516..bb7f8716f 100644 --- a/setup/automation/distributed-cloud-sensor +++ b/setup/automation/distributed-cloud-sensor @@ -21,7 +21,6 @@ BNICS=eth1 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -#GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-iso-manager b/setup/automation/distributed-iso-manager index 32de661e7..c601d3283 100644 --- a/setup/automation/distributed-iso-manager +++ b/setup/automation/distributed-iso-manager @@ -21,7 +21,6 @@ BASICSURI=7 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-iso-search b/setup/automation/distributed-iso-search index 095436788..87165c053 100644 --- a/setup/automation/distributed-iso-search +++ b/setup/automation/distributed-iso-search @@ -21,7 +21,6 @@ ADMINPASS2=onionuser # ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -# GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-iso-sensor b/setup/automation/distributed-iso-sensor index 11a78b9c8..6762488f7 100644 --- a/setup/automation/distributed-iso-sensor +++ b/setup/automation/distributed-iso-sensor @@ -21,7 +21,6 @@ BNICS=eth1 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -# GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-net-centos-manager b/setup/automation/distributed-net-centos-manager index 32de661e7..c601d3283 100644 --- a/setup/automation/distributed-net-centos-manager +++ b/setup/automation/distributed-net-centos-manager @@ -21,7 +21,6 @@ BASICSURI=7 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-net-centos-search b/setup/automation/distributed-net-centos-search index ab67e11d8..8a3fb7784 100644 --- a/setup/automation/distributed-net-centos-search +++ b/setup/automation/distributed-net-centos-search @@ -21,7 +21,6 @@ ADMINPASS2=onionuser # ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -# GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-net-centos-sensor b/setup/automation/distributed-net-centos-sensor index b3f0d01d4..4b38ff510 100644 --- a/setup/automation/distributed-net-centos-sensor +++ b/setup/automation/distributed-net-centos-sensor @@ -21,7 +21,6 @@ BNICS=eth1 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -# GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-net-ubuntu-manager b/setup/automation/distributed-net-ubuntu-manager index 339f651ae..4cc4f65d9 100644 --- a/setup/automation/distributed-net-ubuntu-manager +++ b/setup/automation/distributed-net-ubuntu-manager @@ -21,7 +21,6 @@ BASICSURI=7 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-net-ubuntu-search b/setup/automation/distributed-net-ubuntu-search index 398432647..0ad135e1a 100644 --- a/setup/automation/distributed-net-ubuntu-search +++ b/setup/automation/distributed-net-ubuntu-search @@ -21,7 +21,6 @@ ADMINPASS2=onionuser # ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -# GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-net-ubuntu-sensor b/setup/automation/distributed-net-ubuntu-sensor index d25bf0080..c69ec3200 100644 --- a/setup/automation/distributed-net-ubuntu-sensor +++ b/setup/automation/distributed-net-ubuntu-sensor @@ -21,7 +21,6 @@ BNICS=ens19 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -# GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-net-ubuntu-suricata-manager b/setup/automation/distributed-net-ubuntu-suricata-manager index 614d12c6f..1285eb6ba 100644 --- a/setup/automation/distributed-net-ubuntu-suricata-manager +++ b/setup/automation/distributed-net-ubuntu-suricata-manager @@ -21,7 +21,6 @@ BASICSURI=7 ZEEKVERSION=SURICATA # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-net-ubuntu-suricata-search b/setup/automation/distributed-net-ubuntu-suricata-search index 138b273c4..bc1956e52 100644 --- a/setup/automation/distributed-net-ubuntu-suricata-search +++ b/setup/automation/distributed-net-ubuntu-suricata-search @@ -21,7 +21,6 @@ ADMINPASS2=onionuser # ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -# GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/distributed-net-ubuntu-suricata-sensor b/setup/automation/distributed-net-ubuntu-suricata-sensor index 58fb922a3..f54fd19a3 100644 --- a/setup/automation/distributed-net-ubuntu-suricata-sensor +++ b/setup/automation/distributed-net-ubuntu-suricata-sensor @@ -21,7 +21,6 @@ BNICS=ens19 ZEEKVERSION=SURICATA # CURCLOSEDAYS= # EVALADVANCED=BASIC -# GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/eval-airgap b/setup/automation/eval-airgap index 595d21a32..45235ccda 100644 --- a/setup/automation/eval-airgap +++ b/setup/automation/eval-airgap @@ -21,7 +21,6 @@ BNICS=eth1 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/eval-cloud b/setup/automation/eval-cloud index 997d7e53b..8a18cb78c 100644 --- a/setup/automation/eval-cloud +++ b/setup/automation/eval-cloud @@ -21,7 +21,6 @@ BNICS=eth1 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/eval-iso b/setup/automation/eval-iso index 5c41e1b12..a0bddf54f 100644 --- a/setup/automation/eval-iso +++ b/setup/automation/eval-iso @@ -21,7 +21,6 @@ BNICS=eth1 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/eval-net-centos b/setup/automation/eval-net-centos index b56b45a52..9ecab5ee0 100644 --- a/setup/automation/eval-net-centos +++ b/setup/automation/eval-net-centos @@ -21,7 +21,6 @@ BNICS=eth1 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/eval-net-ubuntu b/setup/automation/eval-net-ubuntu index 24c68896a..1f16bb336 100644 --- a/setup/automation/eval-net-ubuntu +++ b/setup/automation/eval-net-ubuntu @@ -21,7 +21,6 @@ BNICS=ens19 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/import-airgap b/setup/automation/import-airgap index d1d153177..1e3fdb70a 100644 --- a/setup/automation/import-airgap +++ b/setup/automation/import-airgap @@ -21,7 +21,6 @@ BASICSURI=2 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -# GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/import-cloud b/setup/automation/import-cloud index 684e487fd..e12b00863 100644 --- a/setup/automation/import-cloud +++ b/setup/automation/import-cloud @@ -21,7 +21,6 @@ BASICSURI=2 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -# GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/import-iso b/setup/automation/import-iso index 7ad671b37..ad111cff6 100644 --- a/setup/automation/import-iso +++ b/setup/automation/import-iso @@ -21,7 +21,6 @@ BASICSURI=2 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -# GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/import-net-centos b/setup/automation/import-net-centos index cfeef5cb4..a18400148 100644 --- a/setup/automation/import-net-centos +++ b/setup/automation/import-net-centos @@ -21,7 +21,6 @@ BASICSURI=2 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -# GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/import-net-ubuntu b/setup/automation/import-net-ubuntu index e6fcc2b6b..82240f4f6 100644 --- a/setup/automation/import-net-ubuntu +++ b/setup/automation/import-net-ubuntu @@ -21,7 +21,6 @@ BASICSURI=2 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -# GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/standalone-airgap b/setup/automation/standalone-airgap index 44be7b270..2c0a5af0f 100644 --- a/setup/automation/standalone-airgap +++ b/setup/automation/standalone-airgap @@ -21,7 +21,6 @@ BNICS=eth1 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/standalone-cloud b/setup/automation/standalone-cloud index 66c123362..01b3120fb 100644 --- a/setup/automation/standalone-cloud +++ b/setup/automation/standalone-cloud @@ -21,7 +21,6 @@ BNICS=eth1 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/standalone-iso b/setup/automation/standalone-iso index 11eac77b9..ea0f7ddb5 100644 --- a/setup/automation/standalone-iso +++ b/setup/automation/standalone-iso @@ -21,7 +21,6 @@ BNICS=eth1 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/standalone-iso-logscan b/setup/automation/standalone-iso-logscan index 9249fa4ed..9e5f29602 100644 --- a/setup/automation/standalone-iso-logscan +++ b/setup/automation/standalone-iso-logscan @@ -21,7 +21,6 @@ BNICS=eth1 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/standalone-iso-suricata b/setup/automation/standalone-iso-suricata index e14049a34..625930a07 100644 --- a/setup/automation/standalone-iso-suricata +++ b/setup/automation/standalone-iso-suricata @@ -21,7 +21,6 @@ BNICS=eth1 ZEEKVERSION=SURICATA # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/standalone-net-centos b/setup/automation/standalone-net-centos index 0b36e600a..4179ac39c 100644 --- a/setup/automation/standalone-net-centos +++ b/setup/automation/standalone-net-centos @@ -21,7 +21,6 @@ BNICS=eth1 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/standalone-net-centos-proxy b/setup/automation/standalone-net-centos-proxy index b22fc4b74..ffabf5ebd 100644 --- a/setup/automation/standalone-net-centos-proxy +++ b/setup/automation/standalone-net-centos-proxy @@ -21,7 +21,6 @@ BNICS=eth1 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/automation/standalone-net-ubuntu b/setup/automation/standalone-net-ubuntu index 9c62dda04..ad17ec756 100644 --- a/setup/automation/standalone-net-ubuntu +++ b/setup/automation/standalone-net-ubuntu @@ -21,7 +21,6 @@ BNICS=ens19 ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC -GRAFANA=1 # HELIXAPIKEY= HNMANAGER=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12 HNSENSOR=inherit diff --git a/setup/so-functions b/setup/so-functions index e15c7a191..b62c257b7 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1213,7 +1213,8 @@ generate_passwords(){ PLAYBOOKDBPASS=$(get_random_value) PLAYBOOKADMINPASS=$(get_random_value) PLAYBOOKAUTOMATIONPASS=$(get_random_value) - GRAFANAPASS=$(get_random_value) + INFLUXPASS=$(get_random_value) + INFLUXTOKEN=$(head -c 64 /dev/urandom | base64) SENSORONIKEY=$(get_random_value) KRATOSKEY=$(get_random_value) REDISPASS=$(get_random_value) @@ -1365,10 +1366,8 @@ manager_pillar() { touch $adv_manager_pillar_file title "Create the manager pillar" if [[ $is_import ]]; then - GRAFANA=0 PLAYBOOK=0 else - GRAFANA=1 PLAYBOOK=1 fi printf '%s\n'\ @@ -1376,7 +1375,6 @@ manager_pillar() { " proxy: '$so_proxy'"\ " no_proxy: '$no_proxy_string'"\ " elastalert: 1"\ - " grafana: $GRAFANA"\ " playbook: $PLAYBOOK"\ "" > "$manager_pillar_file" } @@ -2056,7 +2054,8 @@ secrets_pillar(){ " playbook_admin: $PLAYBOOKADMINPASS"\ " playbook_automation: $PLAYBOOKAUTOMATIONPASS"\ " playbook_automation_api_key: "\ - " grafana_admin: $GRAFANAPASS" > $local_salt_dir/pillar/secrets.sls + " influx_pass: $INFLUXPASS"\ + " influx_token: $INFLUXTOKEN" > $local_salt_dir/pillar/secrets.sls fi } From a1ac1785d340ec2597a418697a3bab6c536d2eef Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 8 Feb 2023 13:40:27 -0500 Subject: [PATCH 02/62] upgrade influx --- .../sbin/so-grafana-dashboard-folder-delete | 20 +++++++++++++++++++ salt/common/tools/sbin/so-grafana-restart | 12 +++++++++++ salt/common/tools/sbin/so-grafana-start | 12 +++++++++++ salt/common/tools/sbin/so-grafana-stop | 12 +++++++++++ salt/influxdb/map.jinja | 9 +++++++++ 5 files changed, 65 insertions(+) create mode 100644 salt/common/tools/sbin/so-grafana-dashboard-folder-delete create mode 100644 salt/common/tools/sbin/so-grafana-restart create mode 100644 salt/common/tools/sbin/so-grafana-start create mode 100644 salt/common/tools/sbin/so-grafana-stop create mode 100644 salt/influxdb/map.jinja diff --git a/salt/common/tools/sbin/so-grafana-dashboard-folder-delete b/salt/common/tools/sbin/so-grafana-dashboard-folder-delete new file mode 100644 index 000000000..0783fccea --- /dev/null +++ b/salt/common/tools/sbin/so-grafana-dashboard-folder-delete @@ -0,0 +1,20 @@ +# this script is used to delete the default Grafana dashboard folders that existed prior to Grafana dashboard and Salt management changes in 2.3.70 + +# Exit if an error occurs. The next highstate will retry. +set -e + +folders=$(curl -X GET http://admin:{{salt['pillar.get']('secrets:grafana_admin')}}@localhost:3000/api/folders | jq -r '.[] | @base64') +delfolder=("Manager" "Manager Search" "Sensor Nodes" "Search Nodes" "Standalone" "Eval Mode") + +for row in $folders; do + title=$(echo ${row} | base64 --decode | jq -r '.title') + uid=$(echo ${row} | base64 --decode | jq -r '.uid') + + if [[ " ${delfolder[@]} " =~ " ${title} " ]]; then + curl -X DELETE http://admin:{{salt['pillar.get']('secrets:grafana_admin')}}@localhost:3000/api/folders/$uid + fi +done + +echo "so-grafana-dashboard-folder-delete has been run to delete default Grafana dashboard folders that existed prior to 2.3.70" > /opt/so/state/so-grafana-dashboard-folder-delete-complete + +exit 0 diff --git a/salt/common/tools/sbin/so-grafana-restart b/salt/common/tools/sbin/so-grafana-restart new file mode 100644 index 000000000..f8fbcb9c1 --- /dev/null +++ b/salt/common/tools/sbin/so-grafana-restart @@ -0,0 +1,12 @@ +#!/bin/bash + +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + + + +. /usr/sbin/so-common + +/usr/sbin/so-restart grafana $1 diff --git a/salt/common/tools/sbin/so-grafana-start b/salt/common/tools/sbin/so-grafana-start new file mode 100644 index 000000000..dfea3b8dc --- /dev/null +++ b/salt/common/tools/sbin/so-grafana-start @@ -0,0 +1,12 @@ +#!/bin/bash + +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + + + +. /usr/sbin/so-common + +/usr/sbin/so-start grafana $1 diff --git a/salt/common/tools/sbin/so-grafana-stop b/salt/common/tools/sbin/so-grafana-stop new file mode 100644 index 000000000..62552f17f --- /dev/null +++ b/salt/common/tools/sbin/so-grafana-stop @@ -0,0 +1,12 @@ +#!/bin/bash + +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + + + +. /usr/sbin/so-common + +/usr/sbin/so-stop grafana $1 diff --git a/salt/influxdb/map.jinja b/salt/influxdb/map.jinja new file mode 100644 index 000000000..a13d4c257 --- /dev/null +++ b/salt/influxdb/map.jinja @@ -0,0 +1,9 @@ +{% import_yaml 'influxdb/defaults.yaml' as INFLUXDB %} +{% set measurements = salt['cmd.shell']('docker exec -t so-influxdb influx -format json -ssl -unsafeSsl -database telegraf -execute "show measurements" 2> /root/measurement_query.log | jq -r .results[0].series[0].values[]?[0] 2>> /root/measurement_query.log', shell='/bin/bash') %} + +{% if measurements|length > 0 %} +{% do INFLUXDB.influxdb.downsample.so_long_term.update('measurements': [])%} +{% for measurement in measurements.splitlines() %} +{% do INFLUXDB.influxdb.downsample.so_long_term.measurements.append(measurement)%} +{% endfor %} +{% endif %} From 51674b3a5bc25909b3d27e4a3b4350eae9016275 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 8 Feb 2023 13:50:32 -0500 Subject: [PATCH 03/62] upgrade influx --- .../sbin/so-grafana-dashboard-folder-delete | 20 ------------------- salt/common/tools/sbin/so-grafana-restart | 12 ----------- salt/common/tools/sbin/so-grafana-start | 12 ----------- salt/common/tools/sbin/so-grafana-stop | 12 ----------- 4 files changed, 56 deletions(-) delete mode 100644 salt/common/tools/sbin/so-grafana-dashboard-folder-delete delete mode 100644 salt/common/tools/sbin/so-grafana-restart delete mode 100644 salt/common/tools/sbin/so-grafana-start delete mode 100644 salt/common/tools/sbin/so-grafana-stop diff --git a/salt/common/tools/sbin/so-grafana-dashboard-folder-delete b/salt/common/tools/sbin/so-grafana-dashboard-folder-delete deleted file mode 100644 index 0783fccea..000000000 --- a/salt/common/tools/sbin/so-grafana-dashboard-folder-delete +++ /dev/null @@ -1,20 +0,0 @@ -# this script is used to delete the default Grafana dashboard folders that existed prior to Grafana dashboard and Salt management changes in 2.3.70 - -# Exit if an error occurs. The next highstate will retry. -set -e - -folders=$(curl -X GET http://admin:{{salt['pillar.get']('secrets:grafana_admin')}}@localhost:3000/api/folders | jq -r '.[] | @base64') -delfolder=("Manager" "Manager Search" "Sensor Nodes" "Search Nodes" "Standalone" "Eval Mode") - -for row in $folders; do - title=$(echo ${row} | base64 --decode | jq -r '.title') - uid=$(echo ${row} | base64 --decode | jq -r '.uid') - - if [[ " ${delfolder[@]} " =~ " ${title} " ]]; then - curl -X DELETE http://admin:{{salt['pillar.get']('secrets:grafana_admin')}}@localhost:3000/api/folders/$uid - fi -done - -echo "so-grafana-dashboard-folder-delete has been run to delete default Grafana dashboard folders that existed prior to 2.3.70" > /opt/so/state/so-grafana-dashboard-folder-delete-complete - -exit 0 diff --git a/salt/common/tools/sbin/so-grafana-restart b/salt/common/tools/sbin/so-grafana-restart deleted file mode 100644 index f8fbcb9c1..000000000 --- a/salt/common/tools/sbin/so-grafana-restart +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - - -. /usr/sbin/so-common - -/usr/sbin/so-restart grafana $1 diff --git a/salt/common/tools/sbin/so-grafana-start b/salt/common/tools/sbin/so-grafana-start deleted file mode 100644 index dfea3b8dc..000000000 --- a/salt/common/tools/sbin/so-grafana-start +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - - -. /usr/sbin/so-common - -/usr/sbin/so-start grafana $1 diff --git a/salt/common/tools/sbin/so-grafana-stop b/salt/common/tools/sbin/so-grafana-stop deleted file mode 100644 index 62552f17f..000000000 --- a/salt/common/tools/sbin/so-grafana-stop +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - - -. /usr/sbin/so-common - -/usr/sbin/so-stop grafana $1 From 44e60f1e57f7d607c952c840828943858c818a7f Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 8 Feb 2023 14:03:27 -0500 Subject: [PATCH 04/62] upgrade influx --- salt/influxdb/templates/container.json | 1 + salt/influxdb/templates/host.json | 1 + salt/influxdb/templates/role.json | 1 + salt/influxdb/templates/security_onion_performance.json | 1 + 4 files changed, 4 insertions(+) create mode 100644 salt/influxdb/templates/container.json create mode 100644 salt/influxdb/templates/host.json create mode 100644 salt/influxdb/templates/role.json create mode 100644 salt/influxdb/templates/security_onion_performance.json diff --git a/salt/influxdb/templates/container.json b/salt/influxdb/templates/container.json new file mode 100644 index 000000000..77ff20bde --- /dev/null +++ b/salt/influxdb/templates/container.json @@ -0,0 +1 @@ +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-container"},"spec":{"language":"flux","name":"container","query":"import \"array\"\n\ndynamic = from(bucket: \"telegraf\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"host\"] == v.host)\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> keep(columns: [\"container_name\"])\n |> rename(fn: (column) => \"_value\")\n |> unique()\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["cool_gauss"],"type":"query"}}] diff --git a/salt/influxdb/templates/host.json b/salt/influxdb/templates/host.json new file mode 100644 index 000000000..adfdf884f --- /dev/null +++ b/salt/influxdb/templates/host.json @@ -0,0 +1 @@ +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-host"},"spec":{"language":"flux","name":"host","query":"import \"influxdata/influxdb/schema\"\nimport \"array\"\n\ndynamic = schema.tagValues(bucket: \"telegraf\", tag: \"host\")\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["dev"],"type":"query"}}] diff --git a/salt/influxdb/templates/role.json b/salt/influxdb/templates/role.json new file mode 100644 index 000000000..72b48bdd7 --- /dev/null +++ b/salt/influxdb/templates/role.json @@ -0,0 +1 @@ +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-role"},"spec":{"language":"flux","name":"role","query":"import \"influxdata/influxdb/schema\"\nimport \"array\"\n\ndynamic = schema.tagValues(bucket: \"telegraf\", tag: \"role\")\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["standalone"],"type":"query"}}] diff --git a/salt/influxdb/templates/security_onion_performance.json b/salt/influxdb/templates/security_onion_performance.json new file mode 100644 index 000000000..9baa33b8d --- /dev/null +++ b/salt/influxdb/templates/security_onion_performance.json @@ -0,0 +1 @@ +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Dashboard","metadata":{"name":"dashboard-so"},"spec":{"charts":[{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Uptime","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60)}))\n |> group(columns: [\"host\"])\n |> last()\n |> lowestMin(n:1)"}],"staticLegend":{},"suffix":" days","width":1},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"CPU Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"yPos":2},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Redis Queue","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_unparsed\")\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60)}))\n |> yield(name: \"last\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_uptime\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0)}))\n |> yield(name: \"last\")"}],"shade":true,"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_drop\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer PCAP Retention","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_seconds\")\n |> set(key: \"_field\", value: \"Trend\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"5m Load Average","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load5\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":1},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"IOWait","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Estimated EPS In","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> hostFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":3},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Memory Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":3,"yPos":2},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" e/s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Logstash EPS","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> set(key: \"_field\", value: \"Trend In\")\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> set(key: \"_field\", value: \"Trend Out\")\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":3,"yCol":"_value","yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Suricata Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":3,"yCol":"_value","yPos":30},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Redis Queue","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":4},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60 * 1000000000)}))\n |> yield(name: \"last\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0 * 1000000000.0)}))\n |> yield(name: \"last\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"yT5vTIlaaFChSrQvKLfqf","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"mzzUVSu3ibTph1JmQmDAQ","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"mOcnDo7l8ii6qNLFIB5rs","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":22},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Monitor Traffic","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\") \n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0 / (1000.0 * 1000.0)}))\n |> group(columns: [\"host\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" Mb/s","width":1,"xPos":5},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Zeek Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":6},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":50},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":70},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Swap Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":6,"yPos":2},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elastic Ingest Time Spent","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_community_id_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"community.id_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_conditional_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"conditional_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_index_name_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date.index.name_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dissect_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dissect_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dot_expander_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dot.expander_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_geoip_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"geoip_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_grok_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"grok_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_json_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"json_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_kv_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"kv_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_lowercase_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"lowercase_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_rename_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"rename_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_script_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"script_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_user_agent_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"user.agent_time\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Outbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_sent\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /nsm","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key:\"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Storage Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"store_size_in_bytes\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_store_size_in_bytes\")\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Suricata Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":7},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Stenographer Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":8},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"1m Load Average","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load1\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_load1\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":10,"yTickStep":1},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"UAehjIsi65P8u92M_3sQY","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"_SCP8Npp4NVMx2N4mfuzX","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"BoMPg4R1KDp_UsRORdV3_","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"IO Wait","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Swap Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Drops - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"drop_in\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":22},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Capture Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":9},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":95},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":85},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"NSM Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":9,"yPos":2},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Document Count","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"docs_count\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_docs_count\")\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Capture Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_loss\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"InfluxDB Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"viridian","type":"text","hex":"#32B08C"},{"id":"SpQHOj76fJwL4uNUdgA_L","name":"pineapple","type":"text","hex":"#FFB94A","value":85},{"id":"FALp969me_9GTrRtLYaab","name":"ruby","type":"text","hex":"#BF3D5E","value":95}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"RootFS Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","width":1,"xPos":10},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"PCAP Retention","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0)}))\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" days","width":1,"xPos":11}],"name":"Security Onion Performance"}}] From 67c8f6ba69cf67e8fccfe5e1fe084587c5106e11 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 8 Feb 2023 14:25:36 -0500 Subject: [PATCH 05/62] avoid cr/lr --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 31405a2d8..8dbd920f6 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1214,7 +1214,7 @@ generate_passwords(){ PLAYBOOKADMINPASS=$(get_random_value) PLAYBOOKAUTOMATIONPASS=$(get_random_value) INFLUXPASS=$(get_random_value) - INFLUXTOKEN=$(head -c 64 /dev/urandom | base64) + INFLUXTOKEN=$(head -c 64 /dev/urandom | base64 -wrap=0) SENSORONIKEY=$(get_random_value) KRATOSKEY=$(get_random_value) REDISPASS=$(get_random_value) From 2fddcc1e9948d2690622f05debbba36f7b2dfaea Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 8 Feb 2023 14:57:57 -0500 Subject: [PATCH 06/62] upgrade influx --- salt/influxdb/init.sls | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index ae98c908b..bdc14c5f8 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -3,11 +3,10 @@ {% from 'docker/docker.map.jinja' import DOCKER %} {% from 'vars/globals.map.jinja' import GLOBALS %} +{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-eval', 'so-import'] %} {% set PASSWORD = salt['pillar.get']('secrets:influx_pass') %} {% set TOKEN = salt['pillar.get']('secrets:influx_token') %} -{% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-eval', 'so-import'] %} - include: - salt.minion - ssl @@ -89,6 +88,8 @@ get_influxdb_size: - month: '*' - dayweek: '*' +{% endif %} + {% else %} {{sls}}_state_not_allowed: From 22eaeb14621021b0605b1dc04efb92f28d93c01b Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 8 Feb 2023 15:00:44 -0500 Subject: [PATCH 07/62] upgrade influx --- salt/influxdb/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index bdc14c5f8..2fbf88d3a 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -50,11 +50,11 @@ so-influxdb: - INFLUXDB_HTTP_LOG_ENABLED=false - DOCKER_INFLUXDB_INIT_MODE=setup - DOCKER_INFLUXDB_INIT_USERNAME=so - - DOCKER_INFLUXDB_INIT_PASSWORD={{ password }} + - DOCKER_INFLUXDB_INIT_PASSWORD={{ PASSWORD }} - DOCKER_INFLUXDB_INIT_ORG="Security Onion" - DOCKER_INFLUXDB_INIT_BUCKET=telegraf/so_short_term - DOCKER_INFLUXDB_INIT_RETENTION=30d - - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN={{ token }} + - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN={{ TOKEN }} - binds: - /opt/so/log/influxdb/:/log:rw - /opt/so/conf/influxdb/config.yaml:/conf/config.yaml:ro From 713e9ee215484bbb857a52fd6cafa5ec8ed02b84 Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 8 Feb 2023 20:10:41 +0000 Subject: [PATCH 08/62] Create initial template for ILM policy load script --- .../sbin/so-elasticsearch-ilm-policy-load | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 salt/common/tools/sbin/so-elasticsearch-ilm-policy-load diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load new file mode 100644 index 000000000..2780ab59e --- /dev/null +++ b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load @@ -0,0 +1,19 @@ +#/bin/bash +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +. /usr/sbin/so-common + +{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} + +# Set up ILM policies +echo +echo "Setting up default Security Onion index lifecycle management policies..." + +# Zeek logs +echo +echo "Setting up Zeek ILM policy..." +curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-zeek-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "1gb", "max_age": "30d" } } } } } }' +echo From abbc92a58d6cd839459f3d20a07c0e43f3181a2c Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 8 Feb 2023 15:14:46 -0500 Subject: [PATCH 09/62] upgrade influx --- VERSION | 2 +- setup/so-functions | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/VERSION b/VERSION index 197c4d5c2..7f2e97617 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4.0 +2.4.0-kilo diff --git a/setup/so-functions b/setup/so-functions index 8dbd920f6..34bbe0610 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1214,7 +1214,7 @@ generate_passwords(){ PLAYBOOKADMINPASS=$(get_random_value) PLAYBOOKAUTOMATIONPASS=$(get_random_value) INFLUXPASS=$(get_random_value) - INFLUXTOKEN=$(head -c 64 /dev/urandom | base64 -wrap=0) + INFLUXTOKEN=$(head -c 64 /dev/urandom | base64 --wrap=0) SENSORONIKEY=$(get_random_value) KRATOSKEY=$(get_random_value) REDISPASS=$(get_random_value) From c43e69ad931718e44f454c6efac777ca84434f4b Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 8 Feb 2023 15:57:14 -0500 Subject: [PATCH 10/62] influx upgrade --- salt/nginx/etc/nginx.conf | 2 +- salt/nginx/init.sls | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 52d3613a3..d72052a01 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -2,7 +2,7 @@ {%- set role = grains.id.split('_') | last %} {%- set influxpass = salt['pillar.get']('secrets:influx_pass') %} -{%- set influxauth = 'so:' + influxpass | base64 %} +{%- set influxauth = ('so:' + influxpass) | base64_encode %} worker_processes auto; error_log /var/log/nginx/error.log; diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls index eac0e9ac8..d6839814f 100644 --- a/salt/nginx/init.sls +++ b/salt/nginx/init.sls @@ -28,6 +28,7 @@ nginxconf: - group: 939 - template: jinja - source: salt://nginx/etc/nginx.conf + - show_changes: False nginxlogdir: file.directory: From d6d01f8542aa50d37b03a01b87604995a5d63417 Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 8 Feb 2023 21:01:02 +0000 Subject: [PATCH 11/62] Add initial ILM policy view script --- .../tools/sbin/so-elasticsearch-ilm-policy-view | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 salt/common/tools/sbin/so-elasticsearch-ilm-policy-view diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-view b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-view new file mode 100644 index 000000000..d69e328fe --- /dev/null +++ b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-view @@ -0,0 +1,15 @@ +#/bin/bash +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +. /usr/sbin/so-common + +{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} + +if [ "$1" == "" ]; then + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_ilm/policy | jq . +else + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_ilm/policy/$1 | jq .[] +fi From 8ff0cf21cdf82df0530c2e806db1cd6fe5a8d9fb Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 8 Feb 2023 16:03:10 -0500 Subject: [PATCH 12/62] influx upgrade --- salt/influxdb/soc_influxdb.yaml | 110 ++++++++++++++++---------------- 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/salt/influxdb/soc_influxdb.yaml b/salt/influxdb/soc_influxdb.yaml index 54e6df09b..ef6519471 100644 --- a/salt/influxdb/soc_influxdb.yaml +++ b/salt/influxdb/soc_influxdb.yaml @@ -1,11 +1,11 @@ influxdb: config: - bolt-path: /var/lib/influxdb2/influxd.bolt + bolt-path: description: Path to the bolt DB file located inside the so-influxdb container. global: True advanced: True helpLink: influxdb.html - engine-path: /var/lib/influxdb2/engine + engine-path: description: Path to the engine directory located inside the so-influxdb container. This directory stores the time series data. global: True advanced: True @@ -15,52 +15,52 @@ influxdb: global: True advanced: True helpLink: influxdb.html - flux-log-enabled: false + flux-log-enabled: description: Controls whether detailed flux query logging is enabled. global: True advanced: True helpLink: influxdb.html - hardening-enabled: true + hardening-enabled: description: If true, enforces outbound connections from the InfluxDB process must never attempt to reach an internal, private network address. global: True advanced: True helpLink: influxdb.html - http-bind-address: :8086 + http-bind-address: description: The URL and port on which InfluxDB will listen for new connections. global: True advanced: True helpLink: influxdb.html - http-idle-timeout: 0 + http-idle-timeout: description: Keep-alive timeout while a connection waits for new requests. A value of 0 is the same as no timeout enforced. global: True advanced: True helpLink: influxdb.html - http-read-header-timeout: 10s + http-read-header-timeout: description: The duration to wait for a request header before closing the connection. A value of 0 is the same as no timeout enforced. global: True advanced: True helpLink: influxdb.html - http-read-timeout: 0 + http-read-timeout: description: The duration to wait for the request to be fully read before closing the connection. A value of 0 is the same as no timeout enforced. global: True advanced: True helpLink: influxdb.html - http-write-timeout: 0 + http-write-timeout: description: The duration to wait for the response to be fully written before closing the connection. A value of 0 is the same as no timeout enforced. global: True advanced: True helpLink: influxdb.html - influxql-max-select-buckets: 0 + influxql-max-select-buckets: description: Maximum number of group-by clauses in a SELECT statement. A value of 0 is the same as unlimited. global: True advanced: True helpLink: influxdb.html - influxql-max-select-point: 0 + influxql-max-select-point: description: Maximum number of points that can be queried in a SELECT statement. A value of 0 is the same as unlimited. global: True advanced: True helpLink: influxdb.html - influxql-max-select-series: 0 + influxql-max-select-series: description: Maximum number of series that can be returned in a SELECT statement. A value of 0 is the same as unlimited. global: True advanced: True @@ -70,205 +70,205 @@ influxdb: global: True advanced: True helpLink: influxdb.html - log-level: info + log-level: description: The log level to use for outputting log statements. Allowed values are debug, info, or error. global: True advanced: false regex: ^(info|debug|error)$ helpLink: influxdb.html - metrics-disabled: true + metrics-disabled: description: If true, the HTTP endpoint that exposes internal InfluxDB metrics will be inaccessible. global: True advanced: True helpLink: influxdb.html - no-tasks: false + no-tasks: description: If true, the task system will not process any queued tasks. Useful for troubleshooting startup problems. global: True advanced: True helpLink: influxdb.html - pprof-disabled: true + pprof-disabled: description: If true, the profiling data HTTP endpoint will be inaccessible. global: True advanced: True helpLink: influxdb.html - query-concurrency: 100 + query-concurrency: description: Maximum number of queries to execute concurrently. A value of 0 is the same as unlimited. global: True advanced: True helpLink: influxdb.html - query-initial-memory-bytes: 1073741824 + query-initial-memory-bytes: description: The initial number of bytes of memory to allocate for a new query. global: True advanced: True helpLink: influxdb.html - query-max-memory-bytes: 107374182400 + query-max-memory-bytes: description: The number of bytes of memory to allocate to all running queries. Should typically be the query bytes times the max concurrent queries. global: True advanced: True helpLink: influxdb.html - query-memory-bytes: 1073741824 + query-memory-bytes: description: Maximum number of bytes of memory to allocate to a query. global: True advanced: True helpLink: influxdb.html - query-queue-size: 500 + query-queue-size: description: Maximum number of queries that can be queued at one time. If this value is reached, new queries will not be queued. A value of 0 is the same as unlimited. global: True advanced: True helpLink: influxdb.html - reporting-disabled: true + reporting-disabled: description: If true, prevents InfluxDB from sending telemetry updates to InfluxData's servers. global: True advanced: True helpLink: influxdb.html - secret-store: bolt + secret-store: description: Determines the type of storage used for secrets. Allowed values are bolt or vault. global: True advanced: True regex: ^(bolt|vault)$ helpLink: influxdb.html - session-length: 60 + session-length: description: Number of minutes that a user login session can remain authenticated. global: True advanced: True helpLink: influxdb.html - session-renew-disabled: false + session-renew-disabled: description: If true, user login sessions will renew after each request. global: True advanced: True helpLink: influxdb.html - sqlite-path: /var/lib/influxdb2/influxd.sqlite + sqlite-path: description: Path to the Sqlite3 database inside the container. This database stored user data and other information about the database. global: True advanced: True helpLink: influxdb.html - storage-cache-max-memory-size: 1073741824 + storage-cache-max-memory-size: description: Maximum number of bytes to allocate to cache data per shard. If exceeded, new data writes will be rejected. global: True advanced: True helpLink: influxdb.html - storage-cache-snapshot-memory-size: 26214400 + storage-cache-snapshot-memory-size: description: Number of bytes to allocate to cache snapshot data. When the cache reaches this size, it will be written to disk to increase available memory. global: True advanced: True helpLink: influxdb.html - storage-cache-snapshot-write-cold-duration: 10m0s + storage-cache-snapshot-write-cold-duration: description: Duration between snapshot writes to disk when the shard data hasn't been modified. global: True advanced: True helpLink: influxdb.html - storage-compact-full-write-cold-duration: 4h0m0s + storage-compact-full-write-cold-duration: description: Duration between shard compactions when the shard data hasn't been modified. global: True advanced: True helpLink: influxdb.html - storage-compact-throughput-burst: 50331648 + storage-compact-throughput-burst: description: Maximum throughput (number of bytes per second) that compactions be written to disk. global: True advanced: True helpLink: influxdb.html - storage-max-concurrent-compactions: 0 + storage-max-concurrent-compactions: description: Maximum number of concurrent compactions. A value of 0 is the same as half the available CPU processors (procs). global: True advanced: True helpLink: influxdb.html - storage-max-index-log-file-size: 1048576 + storage-max-index-log-file-size: description: Maximum number of bytes of a write-ahead log (WAL) file before it will be compacted into an index on disk. global: True advanced: True helpLink: influxdb.html - storage-no-validate-field-size: false + storage-no-validate-field-size: description: If true, incoming requests will skip the field size validation. global: True advanced: True helpLink: influxdb.html - storage-retention-check-interval: 30m0s + storage-retention-check-interval: description: Interval between reviewing each bucket's retention policy and the age of the associated data. global: True advanced: True helpLink: influxdb.html - storage-series-file-max-concurrent-snapshot-compactions: 0 + storage-series-file-max-concurrent-snapshot-compactions: description: Maximum number of concurrent snapshot compactions across all database partitions. global: True advanced: True helpLink: influxdb.html - storage-series-id-set-cache-size: 100 + storage-series-id-set-cache-size: description: Maximum size of the series cache results. Higher values may increase performance for repeated data lookups. global: True advanced: True helpLink: influxdb.html - storage-shard-precreator-advance-period: 30m0s + storage-shard-precreator-advance-period: description: The duration before a successor shard group is created after the end-time has been reached. global: True advanced: True helpLink: influxdb.html - storage-shard-precreator-check-interval: 10m0s + storage-shard-precreator-check-interval: description: Interval between checking if new shards should be created. global: True advanced: True helpLink: influxdb.html - storage-tsm-use-madv-willneed: false + storage-tsm-use-madv-willneed: description: If true, InfluxDB will manage TSM memory paging. global: True advanced: True helpLink: influxdb.html - storage-validate-keys: false + storage-validate-keys: description: If true, validates incoming requests for supported characters. global: True advanced: True helpLink: influxdb.html - storage-wal-fsync-delay: 0s + storage-wal-fsync-delay: description: Duration to wait before calling fsync. Useful for handling conflicts on slower disks. global: True advanced: True helpLink: influxdb.html - storage-wal-max-concurrent-writes: 0 + storage-wal-max-concurrent-writes: description: Maximum number of concurrent write-ahead log (WAL) writes to disk. The value of 0 is the same as CPU processors (procs) x 2. global: True advanced: True helpLink: influxdb.html - storage-wal-max-write-delay: 10m + storage-wal-max-write-delay: description: Maximum duration to wait before writing the write-ahead log (WAL) to disk, when the concurrency limit has been exceeded. A value of 0 is the same as no timeout. global: True advanced: True helpLink: influxdb.html - storage-write-timeout: 10s + storage-write-timeout: description: Maximum time to wait for a write-ahead log (WAL) to write to disk before aborting. global: True advanced: True helpLink: influxdb.html - store: disk + store: description: The type of data store to use for HTTP resources. Allowed values are disk or memory. Memory should not be used for production Security Onion installations. global: True advanced: True regex: ^(disk|memory)$ helpLink: influxdb.html - tls-cert: /conf/influxdb.crt + tls-cert: description: The container path to the certificate to use for TLS encryption of the HTTP requests and responses. global: True advanced: True helpLink: influxdb.html - tls-key: /conf/influxdb.key + tls-key: description: The container path to the certificate key to use for TLS encryption of the HTTP requests and responses. global: True advanced: True helpLink: influxdb.html - tls-min-version: 1.2 + tls-min-version: description: The minimum supported version of TLS to be enforced on all incoming HTTP requests. global: True advanced: True helpLink: influxdb.html - tls-strict-ciphers: true + tls-strict-ciphers: description: If true, the allowed ciphers used with TLS connections are ECDHE_RSA_WITH_AES_256_GCM_SHA384, ECDHE_RSA_WITH_AES_256_CBC_SHA, RSA_WITH_AES_256_GCM_SHA384, or RSA_WITH_AES_256_CBC_SHA. global: True advanced: True helpLink: influxdb.html - tracing-type: log + tracing-type: description: The tracing format for debugging purposes. Allowed values are log or jaeger, or leave blank to disable tracing. global: True advanced: True helpLink: influxdb.html - ui-disabled: false + ui-disabled: description: If true, the InfluxDB HTTP user interface will be disabled. This will prevent use of the included InfluxDB dashboard visualizations. global: True advanced: True @@ -298,17 +298,17 @@ influxdb: global: True advanced: True helpLink: influxdb.html - vault-client-timeout: 60s + vault-client-timeout: description: Duration to wait for a response from the Vault server before aborting. global: True advanced: True helpLink: influxdb.html - vault-max-retries: 2 + vault-max-retries: description: Maximum number of retries when attempting to contact the Vault server. A value of 0 is the same as disabling retries. global: True advanced: True helpLink: influxdb.html - vault-skip-verify: false + vault-skip-verify: description: Skip certification validation of the Vault server. global: True advanced: True From 80270550867d4f166c619b6d07cd8958425b38b9 Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 8 Feb 2023 21:09:42 +0000 Subject: [PATCH 13/62] Add initial ILM policy delete script --- .../tools/sbin/so-elasticsearch-ilm-policy-delete | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 salt/common/tools/sbin/so-elasticsearch-ilm-policy-delete diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-delete b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-delete new file mode 100644 index 000000000..108dd1178 --- /dev/null +++ b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-delete @@ -0,0 +1,11 @@ +#/bin/bash +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +. /usr/sbin/so-common + +{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} + +curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -X DELETE https://{{ NODEIP }}:9200/_ilm/policy/$1 From b38f4ca7661edb58d1dc815633d5a7dc03eee111 Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 8 Feb 2023 21:29:16 +0000 Subject: [PATCH 14/62] Add initial ILM service stop script --- salt/common/tools/sbin/so-elasticsaerch-ilm-stop | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 salt/common/tools/sbin/so-elasticsaerch-ilm-stop diff --git a/salt/common/tools/sbin/so-elasticsaerch-ilm-stop b/salt/common/tools/sbin/so-elasticsaerch-ilm-stop new file mode 100644 index 000000000..23c068918 --- /dev/null +++ b/salt/common/tools/sbin/so-elasticsaerch-ilm-stop @@ -0,0 +1,12 @@ +#/bin/bash +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +. /usr/sbin/so-common + +{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} + +echo "Stopping ILM..." +curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -X POST https://{{ NODEIP }}:9200/_ilm/stop From 03849b0659f994c39a07791e4a9179c3e9fa42b8 Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 8 Feb 2023 21:29:38 +0000 Subject: [PATCH 15/62] Add initial ILM service start script --- salt/common/tools/sbin/so-elasticsaerch-ilm-start | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 salt/common/tools/sbin/so-elasticsaerch-ilm-start diff --git a/salt/common/tools/sbin/so-elasticsaerch-ilm-start b/salt/common/tools/sbin/so-elasticsaerch-ilm-start new file mode 100644 index 000000000..98dd38e9e --- /dev/null +++ b/salt/common/tools/sbin/so-elasticsaerch-ilm-start @@ -0,0 +1,12 @@ +/bin/bash +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +. /usr/sbin/so-common + +{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} + +echo "Starting ILM..." +curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L -X POST https://{{ NODEIP }}:9200/_ilm/start From 1de3871ee9fd148cb54aa88d631a06c940b2d75c Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 8 Feb 2023 21:30:25 +0000 Subject: [PATCH 16/62] Add initial ILM service restart script --- salt/common/tools/sbin/so-elasticsaerch-ilm-restart | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 salt/common/tools/sbin/so-elasticsaerch-ilm-restart diff --git a/salt/common/tools/sbin/so-elasticsaerch-ilm-restart b/salt/common/tools/sbin/so-elasticsaerch-ilm-restart new file mode 100644 index 000000000..7f422ed6e --- /dev/null +++ b/salt/common/tools/sbin/so-elasticsaerch-ilm-restart @@ -0,0 +1,10 @@ +#/bin/bash +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +. /usr/sbin/so-common + +so-elasticsearch-ilm-stop +so-elasticsearch-ilm-start From 3e31bda2854a54767e633640353857c699b8872d Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 8 Feb 2023 21:32:17 +0000 Subject: [PATCH 17/62] Fix typo in Elasticsearch portion of script names --- ...{so-elasticsaerch-ilm-restart => so-elasticsearch-ilm-restart} | 0 .../{so-elasticsaerch-ilm-start => so-elasticsearch-ilm-start} | 0 .../sbin/{so-elasticsaerch-ilm-stop => so-elasticsearch-ilm-stop} | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename salt/common/tools/sbin/{so-elasticsaerch-ilm-restart => so-elasticsearch-ilm-restart} (100%) rename salt/common/tools/sbin/{so-elasticsaerch-ilm-start => so-elasticsearch-ilm-start} (100%) rename salt/common/tools/sbin/{so-elasticsaerch-ilm-stop => so-elasticsearch-ilm-stop} (100%) diff --git a/salt/common/tools/sbin/so-elasticsaerch-ilm-restart b/salt/common/tools/sbin/so-elasticsearch-ilm-restart similarity index 100% rename from salt/common/tools/sbin/so-elasticsaerch-ilm-restart rename to salt/common/tools/sbin/so-elasticsearch-ilm-restart diff --git a/salt/common/tools/sbin/so-elasticsaerch-ilm-start b/salt/common/tools/sbin/so-elasticsearch-ilm-start similarity index 100% rename from salt/common/tools/sbin/so-elasticsaerch-ilm-start rename to salt/common/tools/sbin/so-elasticsearch-ilm-start diff --git a/salt/common/tools/sbin/so-elasticsaerch-ilm-stop b/salt/common/tools/sbin/so-elasticsearch-ilm-stop similarity index 100% rename from salt/common/tools/sbin/so-elasticsaerch-ilm-stop rename to salt/common/tools/sbin/so-elasticsearch-ilm-stop From 91d24d36f9a4f15fe91cb408042417f2514b9c28 Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 8 Feb 2023 21:34:15 +0000 Subject: [PATCH 18/62] Add initial ILM lifecycle status explanation script --- .../tools/sbin/so-elasticsearch-ilm-explain | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 salt/common/tools/sbin/so-elasticsearch-ilm-explain diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-explain b/salt/common/tools/sbin/so-elasticsearch-ilm-explain new file mode 100644 index 000000000..db31dcb0f --- /dev/null +++ b/salt/common/tools/sbin/so-elasticsearch-ilm-explain @@ -0,0 +1,15 @@ +#/bin/bash +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +. /usr/sbin/so-common + +{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} + +if [ "$1" == "" ]; then + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_all/_ilm/explain | jq . +else + curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/$1/_ilm/explain | jq .[] +fi From 1d6c03feb1a9cc0535f8c221c2d6fc600c9ff7a2 Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 8 Feb 2023 21:34:39 +0000 Subject: [PATCH 19/62] Rename initial ILM lifecycle status explanation script --- ...icsearch-ilm-explain => so-elasticsearch-ilm-lifecycle-status} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename salt/common/tools/sbin/{so-elasticsearch-ilm-explain => so-elasticsearch-ilm-lifecycle-status} (100%) diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-explain b/salt/common/tools/sbin/so-elasticsearch-ilm-lifecycle-status similarity index 100% rename from salt/common/tools/sbin/so-elasticsearch-ilm-explain rename to salt/common/tools/sbin/so-elasticsearch-ilm-lifecycle-status From b319b50fa17d49059e082aec4085d2c31ec635e9 Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 8 Feb 2023 21:39:33 +0000 Subject: [PATCH 20/62] Add initial ILM status script --- salt/common/tools/sbin/so-elasticsearch-ilm-status | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 salt/common/tools/sbin/so-elasticsearch-ilm-status diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-status b/salt/common/tools/sbin/so-elasticsearch-ilm-status new file mode 100644 index 000000000..8d78adc5b --- /dev/null +++ b/salt/common/tools/sbin/so-elasticsearch-ilm-status @@ -0,0 +1,11 @@ +/bin/bash +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +. /usr/sbin/so-common + +{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} + +curl -K /opt/so/conf/elasticsearch/curl.config -s -k -L https://{{ NODEIP }}:9200/_ilm/status | jq . From 8a00521092895ab35b40913c36d2c589d3c1a3e6 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 8 Feb 2023 17:19:20 -0500 Subject: [PATCH 21/62] ensure node_data is populated with self if logstash:nodes data doesnt exist, ie import node --- salt/logstash/map.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/logstash/map.jinja b/salt/logstash/map.jinja index 5f0a7ea79..553144b45 100644 --- a/salt/logstash/map.jinja +++ b/salt/logstash/map.jinja @@ -1,7 +1,7 @@ {% from 'vars/globals.map.jinja' import GLOBALS %} {% set REDIS_NODES = [] %} {% set LOGSTASH_NODES = [] %} -{% set node_data = salt['pillar.get']('logstash:nodes') %} +{% set node_data = salt['pillar.get']('logstash:nodes', {GLOBALS.role.split('-')[1]: {GLOBALS.hostname: {'ip': GLOBALS.node_ip}}}) %} {% for node_type, node_details in node_data.items() | sort %} {% if GLOBALS.role in ['so-searchnode', 'so-standalone', 'so-managersearch'] %} From 849e53e1ebb68ad825ba40f8262b341088c18af2 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 8 Feb 2023 17:40:27 -0500 Subject: [PATCH 22/62] upgrade influx --- salt/influxdb/defaults.yaml | 20 ++++++++++---------- salt/nginx/etc/nginx.conf | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/salt/influxdb/defaults.yaml b/salt/influxdb/defaults.yaml index 72c436a41..64b7d394b 100644 --- a/salt/influxdb/defaults.yaml +++ b/salt/influxdb/defaults.yaml @@ -2,7 +2,7 @@ influxdb: config: bolt-path: /var/lib/influxdb2/influxd.bolt engine-path: /var/lib/influxdb2/engine - feature-flags: + feature-flags: "" flux-log-enabled: false hardening-enabled: true http-bind-address: :8086 @@ -13,7 +13,7 @@ influxdb: influxql-max-select-buckets: 0 influxql-max-select-point: 0 influxql-max-select-series: 0 - instance-id: + instance-id: "" log-level: info metrics-disabled: true no-tasks: false @@ -52,18 +52,18 @@ influxdb: tls-key: /conf/influxdb.key tls-min-version: 1.2 tls-strict-ciphers: true - tracing-type: log + tracing-type: "" ui-disabled: false - vault-addr: - vault-cacert: - vault-capath: - vault-client-cert: - vault-client-key: + vault-addr: "" + vault-cacert: "" + vault-capath: "" + vault-client-cert: "" + vault-client-key: "" vault-client-timeout: 60s vault-max-retries: 2 vault-skip-verify: false - vault-tls-server-name: - vault-token: + vault-tls-server-name: "" + vault-token: "" retention_policies: so_short_term: default: True diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index d72052a01..391033766 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -186,7 +186,7 @@ http { location /influxdb/ { auth_request /auth/sessions/whoami; rewrite /influxdb/(.*) /$1 break; - proxy_pass http://{{ GLOBALS.manager_ip }}:8086/; + proxy_pass https://{{ GLOBALS.manager_ip }}:8086/; proxy_read_timeout 90; proxy_connect_timeout 90; proxy_set_header Host $host; From 28eee48a7cac69fb95f7b482078572d2e31d175e Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 8 Feb 2023 20:38:29 -0500 Subject: [PATCH 23/62] influx upgrade --- salt/influxdb/defaults.yaml | 1 + salt/influxdb/soc_influxdb.yaml | 5 +++++ salt/nginx/etc/nginx.conf | 1 - 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/salt/influxdb/defaults.yaml b/salt/influxdb/defaults.yaml index 64b7d394b..82e59db90 100644 --- a/salt/influxdb/defaults.yaml +++ b/salt/influxdb/defaults.yaml @@ -1,5 +1,6 @@ influxdb: config: + assets-path: /ui bolt-path: /var/lib/influxdb2/influxd.bolt engine-path: /var/lib/influxdb2/engine feature-flags: "" diff --git a/salt/influxdb/soc_influxdb.yaml b/salt/influxdb/soc_influxdb.yaml index ef6519471..cbef9db85 100644 --- a/salt/influxdb/soc_influxdb.yaml +++ b/salt/influxdb/soc_influxdb.yaml @@ -1,5 +1,10 @@ influxdb: config: + assets-path: + description: Path to the InfluxDB user interface assets located inside the so-influxdb container. + global: True + advanced: True + helpLink: influxdb.html bolt-path: description: Path to the bolt DB file located inside the so-influxdb container. global: True diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 391033766..5822170ea 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -185,7 +185,6 @@ http { location /influxdb/ { auth_request /auth/sessions/whoami; - rewrite /influxdb/(.*) /$1 break; proxy_pass https://{{ GLOBALS.manager_ip }}:8086/; proxy_read_timeout 90; proxy_connect_timeout 90; From 613793ad9b1100fbcaf9f4dd69516851fc062e59 Mon Sep 17 00:00:00 2001 From: weslambert Date: Thu, 9 Feb 2023 09:32:04 -0500 Subject: [PATCH 24/62] Temporarily use Elasticsearch output for Standalone installations --- salt/common/tools/sbin/so-elastic-fleet-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-elastic-fleet-setup b/salt/common/tools/sbin/so-elastic-fleet-setup index 217d69036..9c25dde55 100755 --- a/salt/common/tools/sbin/so-elastic-fleet-setup +++ b/salt/common/tools/sbin/so-elastic-fleet-setup @@ -24,7 +24,7 @@ mkdir -p /opt/so/conf/elastic-fleet/certs cp /etc/ssl/certs/intca.crt /opt/so/conf/elastic-fleet/certs cp /etc/pki/elasticfleet* /opt/so/conf/elastic-fleet/certs -{% if grains.role == 'so-import' %} +{% if grains.role in ['so-import', 'so-standalone'] %} # Add SO-Manager Elasticsearch Ouput ESCACRT=$(openssl x509 -in /opt/so/conf/elastic-fleet/certs/intca.crt) JSON_STRING=$( jq -n \ From b744dc0641665a58adf3a5c0de5c00cd23ada75e Mon Sep 17 00:00:00 2001 From: weslambert Date: Thu, 9 Feb 2023 09:35:29 -0500 Subject: [PATCH 25/62] Add so-eval to list of modes using the Elasticsearch output for Elastic Agent and Fleet --- salt/common/tools/sbin/so-elastic-fleet-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-elastic-fleet-setup b/salt/common/tools/sbin/so-elastic-fleet-setup index 9c25dde55..b82890faa 100755 --- a/salt/common/tools/sbin/so-elastic-fleet-setup +++ b/salt/common/tools/sbin/so-elastic-fleet-setup @@ -24,7 +24,7 @@ mkdir -p /opt/so/conf/elastic-fleet/certs cp /etc/ssl/certs/intca.crt /opt/so/conf/elastic-fleet/certs cp /etc/pki/elasticfleet* /opt/so/conf/elastic-fleet/certs -{% if grains.role in ['so-import', 'so-standalone'] %} +{% if grains.role in ['so-import', 'so-standalone', 'so-eval'] %} # Add SO-Manager Elasticsearch Ouput ESCACRT=$(openssl x509 -in /opt/so/conf/elastic-fleet/certs/intca.crt) JSON_STRING=$( jq -n \ From bb6fc8da19ed48f94436459daab81391c6f15262 Mon Sep 17 00:00:00 2001 From: Wes Date: Thu, 9 Feb 2023 15:51:58 +0000 Subject: [PATCH 26/62] Add policy templates for other logs --- .../sbin/so-elasticsearch-ilm-policy-load | 56 ++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load index 2780ab59e..78766953b 100644 --- a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load +++ b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load @@ -12,8 +12,62 @@ echo echo "Setting up default Security Onion index lifecycle management policies..." +# Elasticsearch logs +echo +echo "Setting up Elasticsearch ILM policy..." +curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-elasticsearch-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' +echo + +# Import logs +echo +echo "Setting up Import ILM policy..." +curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-import-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' +echo + +# Kibana logs +echo +echo "Setting up Kratos ILM policy..." +curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-kibana-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' +echo + +# Kratos logs +echo +echo "Setting up Kratos ILM policy..." +curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-kratos-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' +echo + +# Logstash logs +echo +echo "Setting up Logstash ILM policy..." +curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-logstash-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' +echo + +# Redis logs +echo +echo "Setting up Redis ILM policy..." +curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-redis-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' +echo + +# Strelka logs +echo +echo "Setting up Strelka ILM policy..." +curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-strelka-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' +echo + +# Suricata logs +echo +echo "Setting up Suricata ILM policy..." +curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-suricata-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' +echo + +# Syslog logs +echo +echo "Setting up Syslog ILM policy..." +curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-syslog-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' +echo + # Zeek logs echo echo "Setting up Zeek ILM policy..." -curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-zeek-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "1gb", "max_age": "30d" } } } } } }' +curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-zeek-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' echo From ee7f299e6d2859a471afd025621cae1160b2846a Mon Sep 17 00:00:00 2001 From: Wes Date: Thu, 9 Feb 2023 15:56:36 +0000 Subject: [PATCH 27/62] Fix typo - 'Kratos' to 'Kibana' --- salt/common/tools/sbin/so-elasticsearch-ilm-policy-load | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load index 78766953b..09cc6dc08 100644 --- a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load +++ b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load @@ -15,7 +15,7 @@ echo "Setting up default Security Onion index lifecycle management policies..." # Elasticsearch logs echo echo "Setting up Elasticsearch ILM policy..." -curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-elasticsearch-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' +curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/elasticsearch-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' echo # Import logs @@ -26,7 +26,7 @@ echo # Kibana logs echo -echo "Setting up Kratos ILM policy..." +echo "Setting up Kibana ILM policy..." curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-kibana-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' echo From 0e50d36da60d3aeabb5cffa779daa90262456cd3 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 9 Feb 2023 16:18:04 -0500 Subject: [PATCH 28/62] upgrade influx --- salt/common/tools/sbin/so-influxdb-user | 95 +++++++++++++++++++++++++ salt/common/tools/sbin/so-user | 5 ++ salt/nginx/etc/nginx.conf | 4 +- salt/telegraf/etc/telegraf.conf | 6 +- 4 files changed, 107 insertions(+), 3 deletions(-) create mode 100644 salt/common/tools/sbin/so-influxdb-user diff --git a/salt/common/tools/sbin/so-influxdb-user b/salt/common/tools/sbin/so-influxdb-user new file mode 100644 index 000000000..9b9e5e57b --- /dev/null +++ b/salt/common/tools/sbin/so-influxdb-user @@ -0,0 +1,95 @@ +#!/bin/bash + +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +. /usr/sbin/so-common + +usage() { + echo "Usage: $0 " + echo "" + echo "Supported Operations:" + echo " add Adds a new user" + echo " delete Removes an existing user" + echo " enable Enables a user" + echo " disable Disables a user" + echo " password Updates a user's password" + echo "" + echo "If required, the password will be read from STDIN." + exit 1 +} + +if [ $# -ne 2 ]; then + usage +fi + +KIND=InfluxDB +OP=$1 +USER_EMAIL=$2 +TOKEN=$(lookup_pillar_secret influx_token) + +log() { + echo -e "$@" +} + +read_password() { + # Read password for new user from stdin + test -t 0 + if [[ $? == 0 ]]; then + echo "Enter new password:" + fi + read -rs USER_PASS + + check_password_and_exit "$USER_PASS" +} + +check_response() { + response=$1 + if [[ "$response" =~ "\"code\":" ]]; then + log "Failed. Check the response for more details.\n$response" + fi +} + +set -eo pipefail + +if [[ "$OP" == "add" ]]; then + log "Creating new $KIND user" + response=$(curl -sk https://localhost:8086/api/v2/users -X POST -d "{\"name\":\"$USER_EMAIL\"}" -H "Authorization: Token $TOKEN") + check_response "$response" + OP=password +fi + +response=$(curl -sk https://localhost:8086/api/v2/users?limit=100 -H "Authorization: Token $TOKEN") +check_response "$response" +USER_ID=$(echo "$response" | jq -r ".users[] | select(.name == \"$USER_EMAIL\").id") +if [[ -z "$USER_ID" ]]; then + log "$KIND user not found" + exit 1 +fi + +if [[ "$OP" == "password" ]]; then + read_password + log "Updating $KIND user password" + response=$(curl -sk https://localhost:8086/api/v2/users/$USER_ID/password -X POST -d "{\"password\":\"$USER_PASS\"}" -H "Authorization: Token $TOKEN") + check_response "$response" +fi + +if [[ "$OP" == "delete" ]]; then + log "Deleting $KIND user" + response=$(curl -sk https://localhost:8086/api/v2/users/$USER_ID -X DELETE -H "Authorization: Token $TOKEN") + check_response "$response" +fi + +if [[ "$OP" == "enable" ]]; then + log "Enabling $KIND user" + response=$(curl -sk https://localhost:8086/api/v2/users/$USER_ID -X PATCH -d "{\"name\":\"$USER_EMAIL\",\"status\":\"active\"}" -H "Authorization: Token $TOKEN") + check_response "$response" +fi + +if [[ "$OP" == "disable" ]]; then + log "Disabling $KIND user" + response=$(curl -sk https://localhost:8086/api/v2/users/$USER_ID -X PATCH -d "{\"name\":\"$USER_EMAIL\",\"status\":\"inactive\"}" -H "Authorization: Token $TOKEN") + check_response "$response" +fi diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user index 1e69ee82b..46feef640 100755 --- a/salt/common/tools/sbin/so-user +++ b/salt/common/tools/sbin/so-user @@ -588,6 +588,7 @@ case "${operation}" in syncAll echo "Successfully added new user to SOC" check_container fleet && echo "$password" | so-fleet-user-add "$email" + echo "$password" | so-influxdb-user add "$email" ;; "list") @@ -628,6 +629,7 @@ case "${operation}" in updateUserPassword "$email" syncAll echo "Successfully updated user password" + echo "$password" | so-influxdb-user password "$email" ;; "profile") @@ -648,6 +650,7 @@ case "${operation}" in syncAll echo "Successfully enabled user" echo "Fleet user will need to be recreated manually with so-fleet-user-add" + so-influxdb-user enable "$email" ;; "disable") @@ -659,6 +662,7 @@ case "${operation}" in syncAll echo "Successfully disabled user" check_container fleet && so-fleet-user-delete "$email" + so-influxdb-user disable "$email" ;; "delete") @@ -670,6 +674,7 @@ case "${operation}" in syncAll echo "Successfully deleted user" check_container fleet && so-fleet-user-delete "$email" + so-influxdb-user delete "$email" ;; "sync") diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 5822170ea..8dce92b75 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -185,11 +185,11 @@ http { location /influxdb/ { auth_request /auth/sessions/whoami; + rewrite /influxdb/api/(.*) /api/$1 break; proxy_pass https://{{ GLOBALS.manager_ip }}:8086/; - proxy_read_timeout 90; + proxy_read_timeout 300; proxy_connect_timeout 90; proxy_set_header Host $host; - proxy_set_header Authorization "Basic {{ influxauth }}"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf index 0c3957a89..b6298a637 100644 --- a/salt/telegraf/etc/telegraf.conf +++ b/salt/telegraf/etc/telegraf.conf @@ -2,6 +2,7 @@ {%- set INFLUXDBHOST = GLOBALS.influxdb_host %} {%- set ES_USER = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:user', '') %} {%- set ES_PASS = salt['pillar.get']('elasticsearch:auth:users:so_elastic_user:pass', '') %} +{%- set TOKEN = salt['pillar.get']('secrets:influx_token', '') %} {%- set NODEIP = GLOBALS.node_ip %} {%- set UNIQUEID = salt['pillar.get']('sensor:uniqueid', '') %} {%- set ZEEK_ENABLED = salt['pillar.get']('zeek:enabled', True) %} @@ -71,8 +72,11 @@ ############################################################################### # Configuration for sending metrics to InfluxDB -[[outputs.influxdb]] +[[outputs.influxdb_v2]] urls = ["https://{{ INFLUXDBHOST }}:8086"] + token = "$TOKEN" + organization = "Security Onion" + bucket = "telegraf/so_short_term" ## Optional TLS Config for use on HTTP connections. tls_ca = "/etc/telegraf/ca.crt" From 0eec8b22a228494896b03e5919ceba2ff6c349a2 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 9 Feb 2023 18:27:14 -0500 Subject: [PATCH 29/62] influx upgrade --- salt/common/tools/sbin/so-influxdb-user | 4 ++++ salt/influxdb/init.sls | 2 +- salt/nginx/etc/nginx.conf | 1 + salt/telegraf/etc/telegraf.conf | 2 +- 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-influxdb-user b/salt/common/tools/sbin/so-influxdb-user index 9b9e5e57b..ae0d42ebf 100644 --- a/salt/common/tools/sbin/so-influxdb-user +++ b/salt/common/tools/sbin/so-influxdb-user @@ -36,10 +36,12 @@ log() { read_password() { # Read password for new user from stdin + set +e test -t 0 if [[ $? == 0 ]]; then echo "Enter new password:" fi + set -e read -rs USER_PASS check_password_and_exit "$USER_PASS" @@ -49,6 +51,7 @@ check_response() { response=$1 if [[ "$response" =~ "\"code\":" ]]; then log "Failed. Check the response for more details.\n$response" + exit 1 fi } @@ -61,6 +64,7 @@ if [[ "$OP" == "add" ]]; then OP=password fi +log "Looking up user ID" response=$(curl -sk https://localhost:8086/api/v2/users?limit=100 -H "Authorization: Token $TOKEN") check_response "$response" USER_ID=$(echo "$response" | jq -r ".users[] | select(.name == \"$USER_EMAIL\").id") diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index 2fbf88d3a..a3a59db70 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -51,7 +51,7 @@ so-influxdb: - DOCKER_INFLUXDB_INIT_MODE=setup - DOCKER_INFLUXDB_INIT_USERNAME=so - DOCKER_INFLUXDB_INIT_PASSWORD={{ PASSWORD }} - - DOCKER_INFLUXDB_INIT_ORG="Security Onion" + - DOCKER_INFLUXDB_INIT_ORG=Security Onion - DOCKER_INFLUXDB_INIT_BUCKET=telegraf/so_short_term - DOCKER_INFLUXDB_INIT_RETENTION=30d - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN={{ TOKEN }} diff --git a/salt/nginx/etc/nginx.conf b/salt/nginx/etc/nginx.conf index 8dce92b75..1dc73d030 100644 --- a/salt/nginx/etc/nginx.conf +++ b/salt/nginx/etc/nginx.conf @@ -194,6 +194,7 @@ http { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Proxy ""; proxy_set_header X-Forwarded-Proto $scheme; + proxy_cookie_path /api/ /influxdb/api/; } location /kibana/ { diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf index b6298a637..61843da5f 100644 --- a/salt/telegraf/etc/telegraf.conf +++ b/salt/telegraf/etc/telegraf.conf @@ -74,7 +74,7 @@ # Configuration for sending metrics to InfluxDB [[outputs.influxdb_v2]] urls = ["https://{{ INFLUXDBHOST }}:8086"] - token = "$TOKEN" + token = "{{ TOKEN }}" organization = "Security Onion" bucket = "telegraf/so_short_term" From e77813a1735f5ad88128b2700a80bf0118c225cf Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 9 Feb 2023 19:14:58 -0500 Subject: [PATCH 30/62] influx upgrade --- salt/common/tools/sbin/so-influxdb-user | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-influxdb-user b/salt/common/tools/sbin/so-influxdb-user index ae0d42ebf..90cf84e25 100644 --- a/salt/common/tools/sbin/so-influxdb-user +++ b/salt/common/tools/sbin/so-influxdb-user @@ -61,7 +61,6 @@ if [[ "$OP" == "add" ]]; then log "Creating new $KIND user" response=$(curl -sk https://localhost:8086/api/v2/users -X POST -d "{\"name\":\"$USER_EMAIL\"}" -H "Authorization: Token $TOKEN") check_response "$response" - OP=password fi log "Looking up user ID" @@ -73,6 +72,22 @@ if [[ -z "$USER_ID" ]]; then exit 1 fi +log "Looking up organization ID" +response=$(curl -sk https://localhost:8086/api/v2/orgs?limit=100 -H "Authorization: Token $TOKEN") +check_response "$response" +ORG_ID=$(echo "$response" | jq -r ".orgs[] | select(.name == \"Security Onion\").id") +if [[ -z "$ORG_ID" ]]; then + log "$KIND organization not found" + exit 1 +fi + +if [[ "$OP" == "add" ]]; then + log "Adding new $KIND user to organization" + response=$(curl -sk https://localhost:8086/api/v2/orgs/$ORG_ID/members -X POST -d "{\"id\":\"$USER_ID\"}" -H "Authorization: Token $TOKEN") + check_response "$response" + OP=password +fi + if [[ "$OP" == "password" ]]; then read_password log "Updating $KIND user password" From 7b7461ef01dab712d0d81607b140a0205de39722 Mon Sep 17 00:00:00 2001 From: Wes Date: Fri, 10 Feb 2023 14:59:29 +0000 Subject: [PATCH 31/62] Dynamically load index management lifecycle policies based on pillar values --- .../sbin/so-elasticsearch-ilm-policy-load | 70 +++---------------- 1 file changed, 9 insertions(+), 61 deletions(-) diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load index 09cc6dc08..0b8110cad 100644 --- a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load +++ b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load @@ -1,4 +1,4 @@ -#/bin/bash +/bin/bash # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at # https://securityonion.net/license; you may not use this file except in compliance with the @@ -6,68 +6,16 @@ . /usr/sbin/so-common +{% import_yaml 'elasticsearch/defaults.yaml' as ESCONFIG with context %} +{%- set ES_INDEX_SETTINGS = salt['pillar.get']('elasticsearch:index_settings', default=ESCONFIG.elasticsearch.index_settings, merge=True) %} {%- set NODEIP = salt['pillar.get']('host:mainip', '') %} -# Set up ILM policies +{%- for index, settings in ES_INDEX_SETTINGS.items() %} + {%- if settings.policy is defined %} echo -echo "Setting up default Security Onion index lifecycle management policies..." - -# Elasticsearch logs +echo "Setting up {{ index }}-logs policy..." +curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/{{ index }}-logs" -H 'Content-Type: application/json' -d'{ "policy": {{ settings.policy | tojson(true) }} }' echo -echo "Setting up Elasticsearch ILM policy..." -curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/elasticsearch-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' -echo - -# Import logs -echo -echo "Setting up Import ILM policy..." -curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-import-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' -echo - -# Kibana logs -echo -echo "Setting up Kibana ILM policy..." -curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-kibana-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' -echo - -# Kratos logs -echo -echo "Setting up Kratos ILM policy..." -curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-kratos-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' -echo - -# Logstash logs -echo -echo "Setting up Logstash ILM policy..." -curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-logstash-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' -echo - -# Redis logs -echo -echo "Setting up Redis ILM policy..." -curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-redis-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' -echo - -# Strelka logs -echo -echo "Setting up Strelka ILM policy..." -curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-strelka-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' -echo - -# Suricata logs -echo -echo "Setting up Suricata ILM policy..." -curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-suricata-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' -echo - -# Syslog logs -echo -echo "Setting up Syslog ILM policy..." -curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-syslog-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' -echo - -# Zeek logs -echo -echo "Setting up Zeek ILM policy..." -curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/so-zeek-logs" -H 'Content-Type: application/json' -d'{ "policy": { "phases": { "hot": { "min_age": "0ms", "actions": { "set_priority": { "priority": 100 }, "rollover": { "max_primary_shard_size": "50gb", "max_age": "30d" } } } } } }' + {%- endif %} +{%- endfor %} echo From d17cf89c686ed5e8f213d4beb50133147316ffa6 Mon Sep 17 00:00:00 2001 From: Wes Date: Fri, 10 Feb 2023 15:01:09 +0000 Subject: [PATCH 32/62] Fix Bash shebang --- salt/common/tools/sbin/so-elasticsearch-ilm-policy-load | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load index 0b8110cad..dda521736 100644 --- a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load +++ b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load @@ -1,4 +1,4 @@ -/bin/bash +#/bin/bash # Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one # or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at # https://securityonion.net/license; you may not use this file except in compliance with the From c9118699a99e4c459674fb16cee83235b2abfbe7 Mon Sep 17 00:00:00 2001 From: Wes Date: Fri, 10 Feb 2023 15:10:30 +0000 Subject: [PATCH 33/62] Add index management lifecycle policy defintion and reference in index template --- salt/elasticsearch/defaults.yaml | 202 +++++++++++++++++++++++++++++++ 1 file changed, 202 insertions(+) diff --git a/salt/elasticsearch/defaults.yaml b/salt/elasticsearch/defaults.yaml index 3d1182255..a0c431881 100644 --- a/salt/elasticsearch/defaults.yaml +++ b/salt/elasticsearch/defaults.yaml @@ -1430,6 +1430,8 @@ elasticsearch: date_detection: false settings: index: + lifecycle: + name: so-elasticsearch-logs mapping: total_fields: limit: 5000 @@ -1498,6 +1500,25 @@ elasticsearch: - common-settings - common-dynamic-mappings priority: 500 + policy: + phases: + hot: + min_age: 0ms + actions: + set_priority: + priority: 100 + rollover: + max_age: 30d + max_primary_shard_size: 50gb + cold: + min_age: 30d + actions: + set_priority: + priority: 0 + delete: + min_age: 365d + actions: + delete: {} so-endgame: index_sorting: False index_template: @@ -2183,6 +2204,8 @@ elasticsearch: date_detection: false settings: index: + lifecycle: + name: so-suricata-logs mapping: total_fields: limit: 5000 @@ -2251,6 +2274,25 @@ elasticsearch: - common-settings - common-dynamic-mappings priority: 500 + policy: + phases: + hot: + min_age: 0ms + actions: + set_priority: + priority: 100 + rollover: + max_age: 30d + max_primary_shard_size: 50gb + cold: + min_age: 30d + actions: + set_priority: + priority: 0 + delete: + min_age: 365d + actions: + delete: {} so-imperva: index_sorting: False index_template: @@ -2351,6 +2393,8 @@ elasticsearch: date_detection: false settings: index: + lifecycle: + name: so-import-logs mapping: total_fields: limit: 5000 @@ -2419,6 +2463,25 @@ elasticsearch: - common-dynamic-mappings - winlog-mappings priority: 500 + policy: + phases: + hot: + min_age: 0ms + actions: + set_priority: + priority: 100 + rollover: + max_age: 30d + max_primary_shard_size: 50gb + cold: + min_age: 30d + actions: + set_priority: + priority: 0 + delete: + min_age: 365d + actions: + delete: {} so-infoblox: index_sorting: False index_template: @@ -2671,6 +2734,25 @@ elasticsearch: - common-settings - common-dynamic-mappings priority: 500 + policy: + phases: + hot: + min_age: 0ms + actions: + set_priority: + priority: 100 + rollover: + max_age: 30d + max_primary_shard_size: 50gb + cold: + min_age: 30d + actions: + set_priority: + priority: 0 + delete: + min_age: 365d + actions: + delete: {} so-kratos: warm: 7 close: 30 @@ -2754,6 +2836,25 @@ elasticsearch: - common-settings - common-dynamic-mappings priority: 500 + policy: + phases: + hot: + min_age: 0ms + actions: + set_priority: + priority: 100 + rollover: + max_age: 30d + max_primary_shard_size: 50gb + cold: + min_age: 30d + actions: + set_priority: + priority: 0 + delete: + min_age: 365d + actions: + delete: {} so-logstash: index_sorting: False index_template: @@ -2770,6 +2871,8 @@ elasticsearch: date_detection: false settings: index: + lifecycle: + name: so-logstash-logs mapping: total_fields: limit: 5000 @@ -2838,6 +2941,25 @@ elasticsearch: - common-settings - common-dynamic-mappings priority: 500 + policy: + phases: + hot: + min_age: 0ms + actions: + set_priority: + priority: 100 + rollover: + max_age: 30d + max_primary_shard_size: 50gb + cold: + min_age: 30d + actions: + set_priority: + priority: 0 + delete: + min_age: 365d + actions: + delete: {} so-microsoft: index_sorting: False index_template: @@ -3691,6 +3813,8 @@ elasticsearch: date_detection: false settings: index: + lifecycle: + name: so-redis-logs mapping: total_fields: limit: 5000 @@ -3759,6 +3883,25 @@ elasticsearch: - common-settings - common-dynamic-mappings priority: 500 + policy: + phases: + hot: + min_age: 0ms + actions: + set_priority: + priority: 100 + rollover: + max_age: 30d + max_primary_shard_size: 50gb + cold: + min_age: 30d + actions: + set_priority: + priority: 0 + delete: + min_age: 365d + actions: + delete: {} so-snort: index_sorting: False index_template: @@ -4262,6 +4405,25 @@ elasticsearch: - common-settings - common-dynamic-mappings priority: 500 + policy: + phases: + hot: + min_age: 0ms + actions: + set_priority: + priority: 100 + rollover: + max_age: 30d + max_primary_shard_size: 50gb + cold: + min_age: 30d + actions: + set_priority: + priority: 0 + delete: + min_age: 365d + actions: + delete: {} so-syslog: index_sorting: False index_template: @@ -4347,6 +4509,25 @@ elasticsearch: - common-settings - common-dynamic-mappings priority: 500 + policy: + phases: + hot: + min_age: 0ms + actions: + set_priority: + priority: 100 + rollover: + max_age: 30d + max_primary_shard_size: 50gb + cold: + min_age: 30d + actions: + set_priority: + priority: 0 + delete: + min_age: 365d + actions: + delete: {} so-tomcat: index_sorting: False index_template: @@ -4447,6 +4628,8 @@ elasticsearch: date_detection: false settings: index: + lifecycle: + name: so-zeek-logs mapping: total_fields: limit: 5000 @@ -4517,6 +4700,25 @@ elasticsearch: - common-settings - common-dynamic-mappings priority: 500 + policy: + phases: + hot: + min_age: 0ms + actions: + set_priority: + priority: 100 + rollover: + max_age: 30d + max_primary_shard_size: 50gb + cold: + min_age: 30d + actions: + set_priority: + priority: 0 + delete: + min_age: 365d + actions: + delete: {} so-zscaler: index_sorting: False index_template: From 1d0e09bdf7b986dbfe27cada6fc6ddf752827026 Mon Sep 17 00:00:00 2001 From: Wes Date: Fri, 10 Feb 2023 15:26:46 +0000 Subject: [PATCH 34/62] Ensure Elastic utility scripts have the correct permissions --- salt/common/tools/sbin/so-elastic-fleet-agent-policy-view | 0 .../tools/sbin/so-elastic-fleet-integration-policy-bulk-delete | 0 salt/common/tools/sbin/so-elasticsearch-ilm-lifecycle-status | 0 salt/common/tools/sbin/so-elasticsearch-ilm-policy-delete | 0 salt/common/tools/sbin/so-elasticsearch-ilm-policy-load | 0 salt/common/tools/sbin/so-elasticsearch-ilm-policy-view | 0 salt/common/tools/sbin/so-elasticsearch-ilm-restart | 0 salt/common/tools/sbin/so-elasticsearch-ilm-start | 0 salt/common/tools/sbin/so-elasticsearch-ilm-status | 0 salt/common/tools/sbin/so-elasticsearch-ilm-stop | 0 10 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 salt/common/tools/sbin/so-elastic-fleet-agent-policy-view mode change 100644 => 100755 salt/common/tools/sbin/so-elastic-fleet-integration-policy-bulk-delete mode change 100644 => 100755 salt/common/tools/sbin/so-elasticsearch-ilm-lifecycle-status mode change 100644 => 100755 salt/common/tools/sbin/so-elasticsearch-ilm-policy-delete mode change 100644 => 100755 salt/common/tools/sbin/so-elasticsearch-ilm-policy-load mode change 100644 => 100755 salt/common/tools/sbin/so-elasticsearch-ilm-policy-view mode change 100644 => 100755 salt/common/tools/sbin/so-elasticsearch-ilm-restart mode change 100644 => 100755 salt/common/tools/sbin/so-elasticsearch-ilm-start mode change 100644 => 100755 salt/common/tools/sbin/so-elasticsearch-ilm-status mode change 100644 => 100755 salt/common/tools/sbin/so-elasticsearch-ilm-stop diff --git a/salt/common/tools/sbin/so-elastic-fleet-agent-policy-view b/salt/common/tools/sbin/so-elastic-fleet-agent-policy-view old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-elastic-fleet-integration-policy-bulk-delete b/salt/common/tools/sbin/so-elastic-fleet-integration-policy-bulk-delete old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-lifecycle-status b/salt/common/tools/sbin/so-elasticsearch-ilm-lifecycle-status old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-delete b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-delete old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-load old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-policy-view b/salt/common/tools/sbin/so-elasticsearch-ilm-policy-view old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-restart b/salt/common/tools/sbin/so-elasticsearch-ilm-restart old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-start b/salt/common/tools/sbin/so-elasticsearch-ilm-start old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-status b/salt/common/tools/sbin/so-elasticsearch-ilm-status old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-elasticsearch-ilm-stop b/salt/common/tools/sbin/so-elasticsearch-ilm-stop old mode 100644 new mode 100755 From 994eabae1b4fabc35208d152682225e5ea8e6609 Mon Sep 17 00:00:00 2001 From: Wes Date: Fri, 10 Feb 2023 18:57:19 +0000 Subject: [PATCH 35/62] Manage policy loading in Elasticsearch state --- salt/elasticsearch/init.sls | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 43e8d9f72..b9caa2e89 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -53,9 +53,19 @@ es_sync_scripts: - source: salt://elasticsearch/tools/sbin - exclude_pat: - so-elasticsearch-pipelines # exclude this because we need to watch it for changes, we sync it in another state + - so-elasticsearch-ilm-policy-load - defaults: GLOBALS: {{ GLOBALS }} +so-elasticsearch-ilm-policy-load-script: + file.managed: + - name: /usr/sbin/so-elasticsearch-ilm-policy-load + - source: salt://elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-load + - user: 930 + - group: 939 + - mode: 754 + - template: jinja + so-elasticsearch-pipelines-script: file.managed: - name: /usr/sbin/so-elasticsearch-pipelines @@ -362,6 +372,16 @@ so-es-cluster-settings: - docker_container: so-elasticsearch - file: es_sync_scripts +so-elasticsearch-ilm-policy-load: + cmd.run: + - name: /usr/sbin/so-elasticsearch-ilm-policy-load + - cwd: /opt/so + - require: + - docker_container: so-elasticsearch + - file: so-elasticsearch-ilm-policy-load-script + - onchanges: + - file: so-elasticsearch-ilm-policy-load-script + so-elasticsearch-templates: cmd.run: - name: /usr/sbin/so-elasticsearch-templates-load From 1255c6031746df6a444ff59df319b3982152514c Mon Sep 17 00:00:00 2001 From: Wes Date: Fri, 10 Feb 2023 18:59:45 +0000 Subject: [PATCH 36/62] Move policy load script into Elasticsearch state script directory --- .../sbin/so-elasticsearch-ilm-policy-load | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100755 salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-load diff --git a/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-load b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-load new file mode 100755 index 000000000..dda521736 --- /dev/null +++ b/salt/elasticsearch/tools/sbin/so-elasticsearch-ilm-policy-load @@ -0,0 +1,21 @@ +#/bin/bash +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +. /usr/sbin/so-common + +{% import_yaml 'elasticsearch/defaults.yaml' as ESCONFIG with context %} +{%- set ES_INDEX_SETTINGS = salt['pillar.get']('elasticsearch:index_settings', default=ESCONFIG.elasticsearch.index_settings, merge=True) %} +{%- set NODEIP = salt['pillar.get']('host:mainip', '') %} + +{%- for index, settings in ES_INDEX_SETTINGS.items() %} + {%- if settings.policy is defined %} +echo +echo "Setting up {{ index }}-logs policy..." +curl -K /opt/so/conf/elasticsearch/curl.config -b "sid=$SESSIONCOOKIE" -s -k -L -X PUT "https://{{ NODEIP }}:9200/_ilm/policy/{{ index }}-logs" -H 'Content-Type: application/json' -d'{ "policy": {{ settings.policy | tojson(true) }} }' +echo + {%- endif %} +{%- endfor %} +echo From acda03ce406cacce9c7b10ca1da7005304aa4a6e Mon Sep 17 00:00:00 2001 From: weslambert Date: Fri, 10 Feb 2023 14:57:11 -0500 Subject: [PATCH 37/62] Add annotation settings for Elasticsearch's ILM feature, and remove various index keys --- salt/elasticsearch/soc_elasticsearch.yaml | 72 ++++++++++++----------- 1 file changed, 39 insertions(+), 33 deletions(-) diff --git a/salt/elasticsearch/soc_elasticsearch.yaml b/salt/elasticsearch/soc_elasticsearch.yaml index d9de9343e..26d4890c2 100644 --- a/salt/elasticsearch/soc_elasticsearch.yaml +++ b/salt/elasticsearch/soc_elasticsearch.yaml @@ -36,7 +36,7 @@ elasticsearch: global: True helpLink: elasticsearch.html index_settings: - so-aws: &indexSettings + so-elasticsearch: &indexSettings warm: description: Age (in days) of this index before it will move to warm storage, if warm nodes are present. Once moved, events on this index can take longer to fetch. global: True @@ -75,45 +75,51 @@ elasticsearch: description: Number of replicas required for this index. Multiple replicas protects against data loss, but also increases storage costs. global: True helpLink: elasticsearch.html - so-azure: *indexSettings - so-barracuda: *indexSettings - so-beats: *indexSettings - so-bluecoat: *indexSettings - so-cef: *indexSettings - so-checkpoint: *indexSettings - so-cisco: *indexSettings - so-cyberark: *indexSettings - so-cylance: *indexSettings - so-elasticsearch: *indexSettings + policy: + phases: + hot: + min_age: + description: Minimum age + global: True + helpLink: elasticsearch.html + actions: + set_priority: + priority: + description: Priority of index, used for recovery after a node restart. Indices with higher priorities are recovered before indices with lower priorities. + global: True + helpLink: elasticsearch.html + rollover: + max_age: + description: Maximum age of index. Once an index reaches this limit, it will be rolled over into a new index. + global: True + helpLink: elasticsearch.html + max_primary_shard_size: + description: Maximum primary shard size. Once an index reaches this limit, it will be rolled over into a new index. + global: True + helpLink: elasticsearch.html + cold: + min_age: + description: Minimum age of index, determining when it should be sent to the cold tier. While still searchable, this tier is typically optimized for lower storage costs rather than search speed. + global: True + helpLink: elasticsearch.html + actions: + set_priority: + priority: + description: Used for index recovery after a node restart. Indices with higher priorities are recovered before indices with lower priorities. + global: True + helpLink: elasticsearch.html + delete: + min_age: + description: Minimum age of index, determining when it should be deleted. + global: True + helpLink: elastic so-endgame: *indexSettings - so-f5: *indexSettings so-firewall: *indexSettings - so-fortinet: *indexSettings - so-gcp: *indexSettings - so-google_workspace: *indexSettings - so-ids: *indexSettings - so-imperva: *indexSettings so-import: *indexSettings - so-infoblox: *indexSettings - so-juniper: *indexSettings so-kibana: *indexSettings so-logstash: *indexSettings - so-microsoft: *indexSettings - so-misp: *indexSettings - so-netflow: *indexSettings - so-netscout: *indexSettings - so-o365: *indexSettings - so-okta: *indexSettings so-osquery: *indexSettings - so-proofpoint: *indexSettings - so-radware: *indexSettings so-redis: *indexSettings - so-snort: *indexSettings - so-snyk: *indexSettings - so-sonicwall: *indexSettings - so-sophos: *indexSettings so-strelka: *indexSettings so-syslog: *indexSettings - so-tomcat: *indexSettings so-zeek: *indexSettings - so-zscaler: *indexSettings From cd27ae89ccba23311723c71c61c9ba9185eb6700 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 10 Feb 2023 16:34:06 -0500 Subject: [PATCH 38/62] influx upgrade --- salt/common/tools/sbin/so-influxdb-manage | 238 ++++++++++++++++++++++ salt/common/tools/sbin/so-influxdb-user | 114 ----------- salt/common/tools/sbin/so-user | 14 +- salt/influxdb/buckets.json.jinja | 3 + salt/influxdb/config.yaml.jinja | 5 +- salt/influxdb/defaults.yaml | 12 +- salt/influxdb/init.sls | 24 ++- salt/influxdb/map.jinja | 11 +- salt/influxdb/soc_influxdb.yaml | 10 +- salt/soc/defaults.map.jinja | 6 +- salt/soc/defaults.yaml | 6 +- 11 files changed, 288 insertions(+), 155 deletions(-) create mode 100644 salt/common/tools/sbin/so-influxdb-manage delete mode 100644 salt/common/tools/sbin/so-influxdb-user create mode 100644 salt/influxdb/buckets.json.jinja diff --git a/salt/common/tools/sbin/so-influxdb-manage b/salt/common/tools/sbin/so-influxdb-manage new file mode 100644 index 000000000..e5f480369 --- /dev/null +++ b/salt/common/tools/sbin/so-influxdb-manage @@ -0,0 +1,238 @@ +#!/bin/bash + +# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one +# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at +# https://securityonion.net/license; you may not use this file except in compliance with the +# Elastic License 2.0. + +. /usr/sbin/so-common + +usage() { + echo "Usage: $0 [args]" + echo "" + echo "Supported Operations:" + echo " setup Loads all templates and creates all required buckets" + echo " templateapply Applies a single template file, requires: " + echo " userlist Lists users" + echo " useradd Adds a new user, requires: " + echo " userdel Removes an existing user, requires: " + echo " userenable Enables a user, requires: " + echo " userdisable Disables a user, requires: " + echo " userpass Updates a user's password, requires: " + echo "" + echo "If required, the password will be read from STDIN." + exit 1 +} + +if [ $# -lt 1 ]; then + usage +fi + +OP=$1 +shift + +set -eo pipefail + +log() { + echo -e "$(date) | InfluxDB | $@" >&2 +} + +check_response() { + response=$1 + if [[ "$response" =~ "\"code\":" ]]; then + log "Failed. Check the response for more details.\n$response" + exit 1 + fi +} + +lookup_user_id() { + token=$1 + email=$2 + response=$(curl -sk https://localhost:8086/api/v2/users?limit=100 -H "Authorization: Token $token") + check_response "$response" + uid=$(echo "$response" | jq -r ".users[] | select(.name == \"$email\").id") + if [[ -z "$uid" ]]; then + log "User not found" + exit 1 + fi + echo "$uid" +} + +lookup_org_id() { + token=$1 + response=$(curl -sk https://localhost:8086/api/v2/orgs?limit=100 -H "Authorization: Token $token") + check_response "$response" + oid=$(echo "$response" | jq -r ".orgs[] | select(.name == \"Security Onion\").id") + if [[ -z "$oid" ]]; then + log "Organization not found" + exit 1 + fi + echo "$oid" +} + +lookup_stack_id() { + token=$1 + oid=$2 + response=$(curl -sk "https://localhost:8086/api/v2/stacks?orgID=$oid&name=Security+Onion" -H "Authorization: Token $token") + check_response "$response" + stackid=$(echo "$response" | jq -r ".stacks[0].id") + if [[ -z "$stackid" || "$stackid" == null ]]; then + response=$(curl -sk https://localhost:8086/api/v2/stacks -X POST -d "{\"name\":\"Security Onion\",\"orgID\":\"$oid\"}" -H "Authorization: Token $token") + check_response "$response" + stackid=$(echo "$response" | jq -r .id) + fi + echo "$stackid" +} + +add_user_to_org() { + token=$1 + uid=$2 + oid=$3 + log "Adding new user to organization" + response=$(curl -sk https://localhost:8086/api/v2/orgs/$oid/members -X POST -d "{\"id\":\"$uid\"}" -H "Authorization: Token $token") + check_response "$response" +} + +change_password() { + token=$1 + uid=$2 + set +e + test -t 0 + if [[ $? == 0 ]]; then + echo "Enter new password:" + fi + set -e + read -rs pass + check_password_and_exit "$pass" + response=$(curl -sk https://localhost:8086/api/v2/users/$uid/password -X POST -d "{\"password\":\"$pass\"}" -H "Authorization: Token $token") + check_response "$response" +} + +apply_template() { + token=$1 + oid=$2 + stackid=$3 + file=$4 + content=$(cat $file) + body="{\"orgID\":\"$oid\",\"stackID\":\"$stackid\",\"template\":{\"contents\":$content}}" + response=$(curl -sk https://localhost:8086/api/v2/templates/apply -X POST -d "$body" -H "Authorization: Token $token") + check_response "$response" +} + +create_bucket() { + token=$1 + oid=$2 + name=$3 + age=$4 + shardduration=$5 + + response=$(curl -sk "https://localhost:8086/api/v2/buckets?orgID=$oid&name=$name" -H "Authorization: Token $token") + check_response "$response" + bucketid=$(echo "$response" | jq -r ".buckets[0].id") + if [[ -z "$stackid" || "$stackid" == null ]]; then + response=$(curl -sk https://localhost:8086/api/v2/buckets -X POST -d "{\"name\":\"$name\",\"orgID\":\"oid\"}" -H "Authorization: Token $token") + check_response "$response" + bucketid=$(echo "$response" | jq -r .id) + fi + response=$(curl -sk "https://localhost:8086/api/v2/buckets/$bucketid" -d "{\"name\":\"$name\",\"retentionRules\":[{\"everySeconds\":$age,\"shardGroupDurationSeconds\":$shardduration,\"type\":\"expire\"}]}" -H "Authorization: Token $token") + check_response "$response" +} + +case "$OP" in + + templateload) + [ $# -ne 1 ] && usage + file=$1 + log "Applying template file; file=$file" + token=$(lookup_pillar_secret influx_token) + oid=$(lookup_org_id "$token") + stackid=$(lookup_stack_id "$token" "$oid") + apply_template "$token" "$oid" "$stackid" "$file" + ;; + + setup) + log "Ensuring organization is setup correctly" + token=$(lookup_pillar_secret influx_token) + oid=$(lookup_org_id "$token") + + # Load templates + stackid=$(lookup_stack_id "$token" "$oid") + for file in /opt/so/conf/influxdb/templates/*; do + log "Ensuring template is loaded; template=$file" + apply_template "$token" "$oid" "$stackid" "$file" + done + + # Setup buckets and retention periods + for rp in so_short_term so_long_term; do + bucket=telegraf/$rp + log "Ensuring bucket is created and configured; bucket=$bucket" + age=$(cat /opt/so/conf/influxdb/buckets.json | jq -r .$rp.duration) + shard_duration=$(cat /opt/so/conf/influxdb/buckets.json | jq -r .$rp.shard_duration) + create_bucket "$token" "$oid" "$bucket" "$age" "$shard_duration" + done + ;; + + userlist) + log "Listing existing users" + token=$(lookup_pillar_secret influx_token) + response=$(curl -sk https://localhost:8086/api/v2/users -H "Authorization: Token $token") + check_response "$response" + echo "$response" | jq -r '.users[] | "\(.id): \(.name) (\(.status))"' + ;; + + useradd) + [ $# -ne 1 ] && usage + email=$1 + log "Adding new user; email=$email" + token=$(lookup_pillar_secret influx_token) + oid=$(lookup_org_id "$token") + response=$(curl -sk https://localhost:8086/api/v2/users -X POST -d "{\"name\":\"$email\"}" -H "Authorization: Token $token") + check_response "$response" + uid=$(echo "$response" | jq -r .id) + add_user_to_org "$token" "$uid" "$oid" + change_password "$token" "$uid" + ;; + + userpass) + [ $# -ne 1 ] && usage + email=$1 + log "Updating user password; email=$email" + token=$(lookup_pillar_secret influx_token) + uid=$(lookup_user_id "$token" "$email") + change_password "$token" "$uid" + ;; + + userdel) + [ $# -ne 1 ] && usage + email=$1 + log "Deleting user; email=$email" + token=$(lookup_pillar_secret influx_token) + uid=$(lookup_user_id "$token" "$email") + response=$(curl -sk https://localhost:8086/api/v2/users/$uid -X DELETE -H "Authorization: Token $token") + check_response "$response" + ;; + + userenable) + [ $# -ne 1 ] && usage + email=$1 + log "Enabling user; email=$email" + token=$(lookup_pillar_secret influx_token) + uid=$(lookup_user_id "$token" "$email") + response=$(curl -sk https://localhost:8086/api/v2/users/$uid -X PATCH -d "{\"name\":\"$email\",\"status\":\"active\"}" -H "Authorization: Token $token") + check_response "$response" + ;; + + userdisable) + [ $# -ne 1 ] && usage + email=$1 + log "Disabling user; email=$email" + token=$(lookup_pillar_secret influx_token) + uid=$(lookup_user_id "$token" "$email") + response=$(curl -sk https://localhost:8086/api/v2/users/$uid -X PATCH -d "{\"name\":\"$email\",\"status\":\"inactive\"}" -H "Authorization: Token $token") + check_response "$response" + ;; + + *) + usage + ;; +esac diff --git a/salt/common/tools/sbin/so-influxdb-user b/salt/common/tools/sbin/so-influxdb-user deleted file mode 100644 index 90cf84e25..000000000 --- a/salt/common/tools/sbin/so-influxdb-user +++ /dev/null @@ -1,114 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - -. /usr/sbin/so-common - -usage() { - echo "Usage: $0 " - echo "" - echo "Supported Operations:" - echo " add Adds a new user" - echo " delete Removes an existing user" - echo " enable Enables a user" - echo " disable Disables a user" - echo " password Updates a user's password" - echo "" - echo "If required, the password will be read from STDIN." - exit 1 -} - -if [ $# -ne 2 ]; then - usage -fi - -KIND=InfluxDB -OP=$1 -USER_EMAIL=$2 -TOKEN=$(lookup_pillar_secret influx_token) - -log() { - echo -e "$@" -} - -read_password() { - # Read password for new user from stdin - set +e - test -t 0 - if [[ $? == 0 ]]; then - echo "Enter new password:" - fi - set -e - read -rs USER_PASS - - check_password_and_exit "$USER_PASS" -} - -check_response() { - response=$1 - if [[ "$response" =~ "\"code\":" ]]; then - log "Failed. Check the response for more details.\n$response" - exit 1 - fi -} - -set -eo pipefail - -if [[ "$OP" == "add" ]]; then - log "Creating new $KIND user" - response=$(curl -sk https://localhost:8086/api/v2/users -X POST -d "{\"name\":\"$USER_EMAIL\"}" -H "Authorization: Token $TOKEN") - check_response "$response" -fi - -log "Looking up user ID" -response=$(curl -sk https://localhost:8086/api/v2/users?limit=100 -H "Authorization: Token $TOKEN") -check_response "$response" -USER_ID=$(echo "$response" | jq -r ".users[] | select(.name == \"$USER_EMAIL\").id") -if [[ -z "$USER_ID" ]]; then - log "$KIND user not found" - exit 1 -fi - -log "Looking up organization ID" -response=$(curl -sk https://localhost:8086/api/v2/orgs?limit=100 -H "Authorization: Token $TOKEN") -check_response "$response" -ORG_ID=$(echo "$response" | jq -r ".orgs[] | select(.name == \"Security Onion\").id") -if [[ -z "$ORG_ID" ]]; then - log "$KIND organization not found" - exit 1 -fi - -if [[ "$OP" == "add" ]]; then - log "Adding new $KIND user to organization" - response=$(curl -sk https://localhost:8086/api/v2/orgs/$ORG_ID/members -X POST -d "{\"id\":\"$USER_ID\"}" -H "Authorization: Token $TOKEN") - check_response "$response" - OP=password -fi - -if [[ "$OP" == "password" ]]; then - read_password - log "Updating $KIND user password" - response=$(curl -sk https://localhost:8086/api/v2/users/$USER_ID/password -X POST -d "{\"password\":\"$USER_PASS\"}" -H "Authorization: Token $TOKEN") - check_response "$response" -fi - -if [[ "$OP" == "delete" ]]; then - log "Deleting $KIND user" - response=$(curl -sk https://localhost:8086/api/v2/users/$USER_ID -X DELETE -H "Authorization: Token $TOKEN") - check_response "$response" -fi - -if [[ "$OP" == "enable" ]]; then - log "Enabling $KIND user" - response=$(curl -sk https://localhost:8086/api/v2/users/$USER_ID -X PATCH -d "{\"name\":\"$USER_EMAIL\",\"status\":\"active\"}" -H "Authorization: Token $TOKEN") - check_response "$response" -fi - -if [[ "$OP" == "disable" ]]; then - log "Disabling $KIND user" - response=$(curl -sk https://localhost:8086/api/v2/users/$USER_ID -X PATCH -d "{\"name\":\"$USER_EMAIL\",\"status\":\"inactive\"}" -H "Authorization: Token $TOKEN") - check_response "$response" -fi diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user index 46feef640..da6f3a4fb 100755 --- a/salt/common/tools/sbin/so-user +++ b/salt/common/tools/sbin/so-user @@ -587,8 +587,7 @@ case "${operation}" in createUser "$email" "${role:-$DEFAULT_ROLE}" "${firstName}" "${lastName}" "${note}" syncAll echo "Successfully added new user to SOC" - check_container fleet && echo "$password" | so-fleet-user-add "$email" - echo "$password" | so-influxdb-user add "$email" + echo "$password" | so-influxdb-manage useradd "$email" ;; "list") @@ -629,7 +628,7 @@ case "${operation}" in updateUserPassword "$email" syncAll echo "Successfully updated user password" - echo "$password" | so-influxdb-user password "$email" + echo "$password" | so-influxdb-manage userpass "$email" ;; "profile") @@ -649,8 +648,7 @@ case "${operation}" in updateStatus "$email" 'active' syncAll echo "Successfully enabled user" - echo "Fleet user will need to be recreated manually with so-fleet-user-add" - so-influxdb-user enable "$email" + so-influxdb-manage userenable "$email" ;; "disable") @@ -661,8 +659,7 @@ case "${operation}" in updateStatus "$email" 'locked' syncAll echo "Successfully disabled user" - check_container fleet && so-fleet-user-delete "$email" - so-influxdb-user disable "$email" + so-influxdb-manage userdisable "$email" ;; "delete") @@ -673,8 +670,7 @@ case "${operation}" in deleteUser "$email" syncAll echo "Successfully deleted user" - check_container fleet && so-fleet-user-delete "$email" - so-influxdb-user delete "$email" + so-influxdb-manage userdel "$email" ;; "sync") diff --git a/salt/influxdb/buckets.json.jinja b/salt/influxdb/buckets.json.jinja new file mode 100644 index 000000000..1e4655d31 --- /dev/null +++ b/salt/influxdb/buckets.json.jinja @@ -0,0 +1,3 @@ +{%- from 'influxdb/map.jinja' import INFLUXMERGED %} + +{{ INFLUXMERGED.buckets | json }} \ No newline at end of file diff --git a/salt/influxdb/config.yaml.jinja b/salt/influxdb/config.yaml.jinja index 720c4967c..50b8ff940 100644 --- a/salt/influxdb/config.yaml.jinja +++ b/salt/influxdb/config.yaml.jinja @@ -1,4 +1,3 @@ -{%- import_yaml 'influxdb/defaults.yaml' as INFLUXDEFAULTS %} -{%- set INFLUXMERGED = salt['pillar.get']('influxdb:config', default=INFLUXDEFAULTS.influxdb.config, merge=true) %} +{%- from 'influxdb/map.jinja' import INFLUXMERGED %} -{{ INFLUXMERGED | yaml(false) }} \ No newline at end of file +{{ INFLUXMERGED.config | yaml(false) }} \ No newline at end of file diff --git a/salt/influxdb/defaults.yaml b/salt/influxdb/defaults.yaml index 82e59db90..983844faf 100644 --- a/salt/influxdb/defaults.yaml +++ b/salt/influxdb/defaults.yaml @@ -65,15 +65,13 @@ influxdb: vault-skip-verify: false vault-tls-server-name: "" vault-token: "" - retention_policies: + buckets: so_short_term: - default: True - duration: 30d - shard_duration: 1d + duration: 2592000 + shard_duration: 86400 so_long_term: - default: False - duration: 0d - shard_duration: 7d + duration: 0 + shard_duration: 604800 downsample: so_long_term: resolution: 5m \ No newline at end of file diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index a3a59db70..96b1e7b76 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -33,10 +33,31 @@ influxdbdir: influxdbconf: file.managed: - name: /opt/so/conf/influxdb/config.yaml + - source: salt://influxdb/config.yaml.jinja - user: 939 - group: 939 - template: jinja - - source: salt://influxdb/config.yaml.jinja + +influxdbbucketsconf: + file.managed: + - name: /opt/so/conf/influxdb/buckets.json + - source: salt://influxdb/buckets.json.jinja + - user: 939 + - group: 939 + - template: jinja + +influxdb-templates: + file.recurse: + - name: /opt/so/conf/influxdb/templates + - source: salt://influxdb/templates + - user: 939 + - group: 939 + - template: jinja + - clean: True + +influxdb-setup: + cmd.run: + - name: /usr/sbin/so-influxdb-setup so-influxdb: docker_container.running: @@ -53,7 +74,6 @@ so-influxdb: - DOCKER_INFLUXDB_INIT_PASSWORD={{ PASSWORD }} - DOCKER_INFLUXDB_INIT_ORG=Security Onion - DOCKER_INFLUXDB_INIT_BUCKET=telegraf/so_short_term - - DOCKER_INFLUXDB_INIT_RETENTION=30d - DOCKER_INFLUXDB_INIT_ADMIN_TOKEN={{ TOKEN }} - binds: - /opt/so/log/influxdb/:/log:rw diff --git a/salt/influxdb/map.jinja b/salt/influxdb/map.jinja index a13d4c257..ecbdd1306 100644 --- a/salt/influxdb/map.jinja +++ b/salt/influxdb/map.jinja @@ -1,9 +1,2 @@ -{% import_yaml 'influxdb/defaults.yaml' as INFLUXDB %} -{% set measurements = salt['cmd.shell']('docker exec -t so-influxdb influx -format json -ssl -unsafeSsl -database telegraf -execute "show measurements" 2> /root/measurement_query.log | jq -r .results[0].series[0].values[]?[0] 2>> /root/measurement_query.log', shell='/bin/bash') %} - -{% if measurements|length > 0 %} -{% do INFLUXDB.influxdb.downsample.so_long_term.update('measurements': [])%} -{% for measurement in measurements.splitlines() %} -{% do INFLUXDB.influxdb.downsample.so_long_term.measurements.append(measurement)%} -{% endfor %} -{% endif %} +{%- import_yaml 'influxdb/defaults.yaml' as INFLUXDEFAULTS %} +{%- set INFLUXMERGED = salt['pillar.get']('influxdb', default=INFLUXDEFAULTS.influxdb, merge=true) %} diff --git a/salt/influxdb/soc_influxdb.yaml b/salt/influxdb/soc_influxdb.yaml index cbef9db85..7f6ceb316 100644 --- a/salt/influxdb/soc_influxdb.yaml +++ b/salt/influxdb/soc_influxdb.yaml @@ -328,23 +328,23 @@ influxdb: global: True advanced: True helpLink: influxdb.html - retention_policies: + buckets: so_short_term: duration: - description: Amount of time to keep short term data. + description: Amount of time (in seconds) to keep short term data. global: True helpLink: influxdb.html shard_duration: - description: Time range + description: Amount of the time (in seconds) range covered by the shard group. global: True helpLink: influxdb.html so_long_term: duration: - description: Amount of time to keep long term downsampled data. + description: Amount of time (in seconds) to keep long term downsampled data. global: True helpLink: influxdb.html shard_duration: - description: Amount of the time range covered by the shard group. + description: Amount of the time (in seconds) range covered by the shard group. global: True helpLink: influxdb.html downsample: diff --git a/salt/soc/defaults.map.jinja b/salt/soc/defaults.map.jinja index e26a8050f..912b16f46 100644 --- a/salt/soc/defaults.map.jinja +++ b/salt/soc/defaults.map.jinja @@ -1,6 +1,7 @@ {% import_yaml 'soc/defaults.yaml' as SOCDEFAULTS %} {% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'docker/docker.map.jinja' import DOCKER -%} +{%- set INFLUXDB_TOKEN = salt['pillar.get']('secrets:influx_token') %} {% for module, application_url in GLOBALS.application_urls.items() %} {% do SOCDEFAULTS.soc.server.modules[module].update({'hostUrl': application_url}) %} @@ -15,9 +16,8 @@ {% do SOCDEFAULTS.soc.server.modules.elastic.update({'username': GLOBALS.elasticsearch.auth.users.so_elastic_user.user, 'password': GLOBALS.elasticsearch.auth.users.so_elastic_user.pass}) %} -{% if GLOBALS.role != 'so-import' %} -{% do SOCDEFAULTS.soc.server.modules.influxdb.update({'hostUrl': 'https://' ~ GLOBALS.influxdb_host ~ ':8086'}) %} -{% endif %} +{% do SOCDEFAULTS.soc.server.modules.influxdb.update({'hostUrl': 'https://' ~ GLOBALS.influxdb_host ~ ':8086'}) %} +{% do SOCDEFAULTS.soc.server.modules.influxdb.update({'token': INFLUXDB_TOKEN}) %} {% do SOCDEFAULTS.soc.server.modules.statickeyauth.update({'anonymousCidr': DOCKER.sorange, 'apiKey': pillar.sensoroni.sensoronikey}) %} diff --git a/salt/soc/defaults.yaml b/salt/soc/defaults.yaml index b83b94493..0723f2da9 100644 --- a/salt/soc/defaults.yaml +++ b/salt/soc/defaults.yaml @@ -1031,9 +1031,9 @@ soc: asyncThreshold: 10 influxdb: hostUrl: - token: '' - org: '' - bucket: telegraf + token: + org: Security Onion + bucket: telegraf/so_short_term verifyCert: false salt: saltPipe: /opt/sensoroni/salt/pipe From 7dee2686ac3eec272f1074cc0133b575d37452df Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 10 Feb 2023 18:19:31 -0500 Subject: [PATCH 39/62] influx upgrade --- salt/common/tools/sbin/so-influxdb-manage | 80 ++++++++++++----------- salt/influxdb/init.sls | 2 +- salt/influxdb/templates/container.json | 2 +- salt/influxdb/templates/host.json | 2 +- salt/influxdb/templates/role.json | 2 +- 5 files changed, 47 insertions(+), 41 deletions(-) diff --git a/salt/common/tools/sbin/so-influxdb-manage b/salt/common/tools/sbin/so-influxdb-manage index e5f480369..40eb2e1e2 100644 --- a/salt/common/tools/sbin/so-influxdb-manage +++ b/salt/common/tools/sbin/so-influxdb-manage @@ -12,7 +12,6 @@ usage() { echo "" echo "Supported Operations:" echo " setup Loads all templates and creates all required buckets" - echo " templateapply Applies a single template file, requires: " echo " userlist Lists users" echo " useradd Adds a new user, requires: " echo " userdel Removes an existing user, requires: " @@ -108,18 +107,17 @@ change_password() { check_response "$response" } -apply_template() { +apply_templates() { token=$1 oid=$2 stackid=$3 - file=$4 - content=$(cat $file) - body="{\"orgID\":\"$oid\",\"stackID\":\"$stackid\",\"template\":{\"contents\":$content}}" + template_objects_array=$4 + body="{\"orgID\":\"$oid\",\"stackID\":\"$stackid\",\"templates\":$template_objects_array}" response=$(curl -sk https://localhost:8086/api/v2/templates/apply -X POST -d "$body" -H "Authorization: Token $token") check_response "$response" } -create_bucket() { +setup_bucket() { token=$1 oid=$2 name=$3 @@ -127,50 +125,58 @@ create_bucket() { shardduration=$5 response=$(curl -sk "https://localhost:8086/api/v2/buckets?orgID=$oid&name=$name" -H "Authorization: Token $token") - check_response "$response" bucketid=$(echo "$response" | jq -r ".buckets[0].id") - if [[ -z "$stackid" || "$stackid" == null ]]; then - response=$(curl -sk https://localhost:8086/api/v2/buckets -X POST -d "{\"name\":\"$name\",\"orgID\":\"oid\"}" -H "Authorization: Token $token") + if [[ -z "$bucketid" || "$bucketid" == null ]]; then + response=$(curl -sk https://localhost:8086/api/v2/buckets -X POST -d "{\"name\":\"$name\",\"orgID\":\"$oid\"}" -H "Authorization: Token $token") check_response "$response" bucketid=$(echo "$response" | jq -r .id) fi - response=$(curl -sk "https://localhost:8086/api/v2/buckets/$bucketid" -d "{\"name\":\"$name\",\"retentionRules\":[{\"everySeconds\":$age,\"shardGroupDurationSeconds\":$shardduration,\"type\":\"expire\"}]}" -H "Authorization: Token $token") + response=$(curl -sk "https://localhost:8086/api/v2/buckets/$bucketid" -X PATCH -d "{\"name\":\"$name\",\"retentionRules\":[{\"everySeconds\":$age,\"shardGroupDurationSeconds\":$shardduration,\"type\":\"expire\"}]}" -H "Authorization: Token $token") check_response "$response" } case "$OP" in - templateload) - [ $# -ne 1 ] && usage - file=$1 - log "Applying template file; file=$file" - token=$(lookup_pillar_secret influx_token) - oid=$(lookup_org_id "$token") - stackid=$(lookup_stack_id "$token" "$oid") - apply_template "$token" "$oid" "$stackid" "$file" - ;; - setup) log "Ensuring organization is setup correctly" - token=$(lookup_pillar_secret influx_token) - oid=$(lookup_org_id "$token") - # Load templates - stackid=$(lookup_stack_id "$token" "$oid") - for file in /opt/so/conf/influxdb/templates/*; do - log "Ensuring template is loaded; template=$file" - apply_template "$token" "$oid" "$stackid" "$file" - done + # Load templates if at least one has been modified since the last setup + newest=$(ls -1t /opt/so/conf/influxdb/templates/ | head -1) + if [ /opt/so/conf/influxdb/templates/$newest -nt /opt/so/conf/influxdb/last_template_setup ]; then + log "Updating templates" + token=$(lookup_pillar_secret influx_token) + oid=$(lookup_org_id "$token") + stackid=$(lookup_stack_id "$token" "$oid") + for file in /opt/so/conf/influxdb/templates/*; do + if [[ "$templates_array" != "" ]]; then + templates_array="$templates_array," + fi + template=$(cat "$file") + templates_array="$templates_array{\"contents\":$template}" + done + apply_templates "$token" "$oid" "$stackid" "[$templates_array]" + echo $(date) > /opt/so/conf/influxdb/last_template_setup + else + log "Templates have not been modified since last setup" + fi - # Setup buckets and retention periods - for rp in so_short_term so_long_term; do - bucket=telegraf/$rp - log "Ensuring bucket is created and configured; bucket=$bucket" - age=$(cat /opt/so/conf/influxdb/buckets.json | jq -r .$rp.duration) - shard_duration=$(cat /opt/so/conf/influxdb/buckets.json | jq -r .$rp.shard_duration) - create_bucket "$token" "$oid" "$bucket" "$age" "$shard_duration" - done - ;; + # Setup buckets and retention periods if at least one has been modified since the last setup + if [ /opt/so/conf/influxdb/buckets.json -nt /opt/so/conf/influxdb/last_bucket_setup ]; then + log "Updating buckets and retention periods" + token=$(lookup_pillar_secret influx_token) + oid=$(lookup_org_id "$token") + for rp in so_short_term so_long_term; do + bucket=telegraf/$rp + log "Ensuring bucket is created and configured; bucket=$bucket" + age=$(cat /opt/so/conf/influxdb/buckets.json | jq -r .$rp.duration) + shard_duration=$(cat /opt/so/conf/influxdb/buckets.json | jq -r .$rp.shard_duration) + setup_bucket "$token" "$oid" "$bucket" "$age" "$shard_duration" + done + echo $(date) > /opt/so/conf/influxdb/last_bucket_setup + else + log "Buckets have not been modified since last setup" + fi + ;; userlist) log "Listing existing users" diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index 96b1e7b76..efd46ac7d 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -57,7 +57,7 @@ influxdb-templates: influxdb-setup: cmd.run: - - name: /usr/sbin/so-influxdb-setup + - name: /usr/sbin/so-influxdb-manage setup &>> /opt/so/log/influxdb/setup.log so-influxdb: docker_container.running: diff --git a/salt/influxdb/templates/container.json b/salt/influxdb/templates/container.json index 77ff20bde..48f8ac95d 100644 --- a/salt/influxdb/templates/container.json +++ b/salt/influxdb/templates/container.json @@ -1 +1 @@ -[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-container"},"spec":{"language":"flux","name":"container","query":"import \"array\"\n\ndynamic = from(bucket: \"telegraf\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"host\"] == v.host)\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> keep(columns: [\"container_name\"])\n |> rename(fn: (column) => \"_value\")\n |> unique()\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["cool_gauss"],"type":"query"}}] +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-container"},"spec":{"language":"flux","name":"container","query":"import \"array\"\n\ndynamic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"host\"] == v.host)\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> keep(columns: [\"container_name\"])\n |> rename(fn: (column) => \"_value\")\n |> unique()\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["cool_gauss"],"type":"query"}}] diff --git a/salt/influxdb/templates/host.json b/salt/influxdb/templates/host.json index adfdf884f..8d9f663e1 100644 --- a/salt/influxdb/templates/host.json +++ b/salt/influxdb/templates/host.json @@ -1 +1 @@ -[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-host"},"spec":{"language":"flux","name":"host","query":"import \"influxdata/influxdb/schema\"\nimport \"array\"\n\ndynamic = schema.tagValues(bucket: \"telegraf\", tag: \"host\")\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["dev"],"type":"query"}}] +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-host"},"spec":{"language":"flux","name":"host","query":"import \"influxdata/influxdb/schema\"\nimport \"array\"\n\ndynamic = schema.tagValues(bucket: \"telegraf/so_short_term\", tag: \"host\")\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["dev"],"type":"query"}}] diff --git a/salt/influxdb/templates/role.json b/salt/influxdb/templates/role.json index 72b48bdd7..2a895563c 100644 --- a/salt/influxdb/templates/role.json +++ b/salt/influxdb/templates/role.json @@ -1 +1 @@ -[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-role"},"spec":{"language":"flux","name":"role","query":"import \"influxdata/influxdb/schema\"\nimport \"array\"\n\ndynamic = schema.tagValues(bucket: \"telegraf\", tag: \"role\")\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["standalone"],"type":"query"}}] +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-role"},"spec":{"language":"flux","name":"role","query":"import \"influxdata/influxdb/schema\"\nimport \"array\"\n\ndynamic = schema.tagValues(bucket: \"telegraf/so_short_term\", tag: \"role\")\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["standalone"],"type":"query"}}] From 39009ce938d746c6c566b69a66ecdb3d1094f761 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 10 Feb 2023 18:32:01 -0500 Subject: [PATCH 40/62] influx upgrade --- salt/influxdb/templates/container.json | 2 +- salt/influxdb/templates/host.json | 2 +- salt/influxdb/templates/role.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/influxdb/templates/container.json b/salt/influxdb/templates/container.json index 48f8ac95d..3713444b3 100644 --- a/salt/influxdb/templates/container.json +++ b/salt/influxdb/templates/container.json @@ -1 +1 @@ -[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-container"},"spec":{"language":"flux","name":"container","query":"import \"array\"\n\ndynamic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"host\"] == v.host)\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> keep(columns: [\"container_name\"])\n |> rename(fn: (column) => \"_value\")\n |> unique()\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["cool_gauss"],"type":"query"}}] +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-container"},"spec":{"language":"flux","name":"Container","query":"import \"array\"\n\ndynamic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"host\"] == v.host)\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> keep(columns: [\"container_name\"])\n |> rename(fn: (column) => \"_value\")\n |> unique()\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["cool_gauss"],"type":"query"}}] diff --git a/salt/influxdb/templates/host.json b/salt/influxdb/templates/host.json index 8d9f663e1..8e465c803 100644 --- a/salt/influxdb/templates/host.json +++ b/salt/influxdb/templates/host.json @@ -1 +1 @@ -[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-host"},"spec":{"language":"flux","name":"host","query":"import \"influxdata/influxdb/schema\"\nimport \"array\"\n\ndynamic = schema.tagValues(bucket: \"telegraf/so_short_term\", tag: \"host\")\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["dev"],"type":"query"}}] +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-host"},"spec":{"language":"flux","name":"Host","query":"import \"influxdata/influxdb/schema\"\nimport \"array\"\n\ndynamic = schema.tagValues(bucket: \"telegraf/so_short_term\", tag: \"host\")\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["dev"],"type":"query"}}] diff --git a/salt/influxdb/templates/role.json b/salt/influxdb/templates/role.json index 2a895563c..af65a14f3 100644 --- a/salt/influxdb/templates/role.json +++ b/salt/influxdb/templates/role.json @@ -1 +1 @@ -[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-role"},"spec":{"language":"flux","name":"role","query":"import \"influxdata/influxdb/schema\"\nimport \"array\"\n\ndynamic = schema.tagValues(bucket: \"telegraf/so_short_term\", tag: \"role\")\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["standalone"],"type":"query"}}] +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-role"},"spec":{"language":"flux","name":"Role","query":"import \"influxdata/influxdb/schema\"\nimport \"array\"\n\ndynamic = schema.tagValues(bucket: \"telegraf/so_short_term\", tag: \"role\")\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["standalone"],"type":"query"}}] From 0056b8f703e51682943f386d189c5a8e72df588d Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 10 Feb 2023 18:35:18 -0500 Subject: [PATCH 41/62] influx upgrade --- salt/influxdb/defaults.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/influxdb/defaults.yaml b/salt/influxdb/defaults.yaml index 983844faf..373f6a603 100644 --- a/salt/influxdb/defaults.yaml +++ b/salt/influxdb/defaults.yaml @@ -26,7 +26,7 @@ influxdb: query-queue-size: 500 reporting-disabled: true secret-store: bolt - session-length: 60 + session-length: 10080 session-renew-disabled: false sqlite-path: /var/lib/influxdb2/influxd.sqlite storage-cache-max-memory-size: 1073741824 From 4f0af9ac6b6f4ee2aa9350aecb1be31b7197ab5e Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 10 Feb 2023 18:41:29 -0500 Subject: [PATCH 42/62] influx upgrade --- salt/influxdb/templates/container.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/influxdb/templates/container.json b/salt/influxdb/templates/container.json index 3713444b3..8e3b86530 100644 --- a/salt/influxdb/templates/container.json +++ b/salt/influxdb/templates/container.json @@ -1 +1 @@ -[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-container"},"spec":{"language":"flux","name":"Container","query":"import \"array\"\n\ndynamic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"host\"] == v.host)\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> keep(columns: [\"container_name\"])\n |> rename(fn: (column) => \"_value\")\n |> unique()\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["cool_gauss"],"type":"query"}}] +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-container"},"spec":{"language":"flux","name":"Container","query":"import \"array\"\n\ndynamic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"host\"] == v.Host)\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> keep(columns: [\"container_name\"])\n |> rename(fn: (column) => \"_value\")\n |> unique()\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["cool_gauss"],"type":"query"}}] From e5c26032c428680f814d91f08191af21c7e7bd17 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 10 Feb 2023 19:37:59 -0500 Subject: [PATCH 43/62] influx upgrade --- salt/common/tools/sbin/so-influxdb-manage | 104 ++++++++++------------ salt/influxdb/curl.config.jinja | 1 + salt/influxdb/init.sls | 8 ++ salt/influxdb/templates/container.json | 2 +- salt/influxdb/templates/host.json | 2 +- salt/influxdb/templates/role.json | 2 +- 6 files changed, 61 insertions(+), 58 deletions(-) create mode 100644 salt/influxdb/curl.config.jinja diff --git a/salt/common/tools/sbin/so-influxdb-manage b/salt/common/tools/sbin/so-influxdb-manage index 40eb2e1e2..964a1b517 100644 --- a/salt/common/tools/sbin/so-influxdb-manage +++ b/salt/common/tools/sbin/so-influxdb-manage @@ -44,10 +44,14 @@ check_response() { fi } +request() { + curl -skK /opt/so/conf/influxdb/curl.config "https://localhost:8086/api/v2/$@" +} + lookup_user_id() { - token=$1 - email=$2 - response=$(curl -sk https://localhost:8086/api/v2/users?limit=100 -H "Authorization: Token $token") + email=$1 + + response=$(request users?limit=100) check_response "$response" uid=$(echo "$response" | jq -r ".users[] | select(.name == \"$email\").id") if [[ -z "$uid" ]]; then @@ -58,8 +62,7 @@ lookup_user_id() { } lookup_org_id() { - token=$1 - response=$(curl -sk https://localhost:8086/api/v2/orgs?limit=100 -H "Authorization: Token $token") + response=$(request orgs?limit=100) check_response "$response" oid=$(echo "$response" | jq -r ".orgs[] | select(.name == \"Security Onion\").id") if [[ -z "$oid" ]]; then @@ -70,13 +73,13 @@ lookup_org_id() { } lookup_stack_id() { - token=$1 - oid=$2 - response=$(curl -sk "https://localhost:8086/api/v2/stacks?orgID=$oid&name=Security+Onion" -H "Authorization: Token $token") + oid=$1 + + response=$(request "stacks?orgID=$oid&name=Security+Onion") check_response "$response" stackid=$(echo "$response" | jq -r ".stacks[0].id") if [[ -z "$stackid" || "$stackid" == null ]]; then - response=$(curl -sk https://localhost:8086/api/v2/stacks -X POST -d "{\"name\":\"Security Onion\",\"orgID\":\"$oid\"}" -H "Authorization: Token $token") + response=$(request stacks -X POST -d "{\"name\":\"Security Onion\",\"orgID\":\"$oid\"}") check_response "$response" stackid=$(echo "$response" | jq -r .id) fi @@ -84,17 +87,17 @@ lookup_stack_id() { } add_user_to_org() { - token=$1 - uid=$2 - oid=$3 + uid=$1 + oid=$2 + log "Adding new user to organization" - response=$(curl -sk https://localhost:8086/api/v2/orgs/$oid/members -X POST -d "{\"id\":\"$uid\"}" -H "Authorization: Token $token") + response=$(request orgs/$oid/members -X POST -d "{\"id\":\"$uid\"}") check_response "$response" } change_password() { - token=$1 - uid=$2 + uid=$1 + set +e test -t 0 if [[ $? == 0 ]]; then @@ -103,35 +106,34 @@ change_password() { set -e read -rs pass check_password_and_exit "$pass" - response=$(curl -sk https://localhost:8086/api/v2/users/$uid/password -X POST -d "{\"password\":\"$pass\"}" -H "Authorization: Token $token") + response=$(request users/$uid/password -X POST -d "{\"password\":\"$pass\"}") check_response "$response" } apply_templates() { - token=$1 - oid=$2 - stackid=$3 - template_objects_array=$4 + oid=$1 + stackid=$2 + template_objects_array=$3 + body="{\"orgID\":\"$oid\",\"stackID\":\"$stackid\",\"templates\":$template_objects_array}" - response=$(curl -sk https://localhost:8086/api/v2/templates/apply -X POST -d "$body" -H "Authorization: Token $token") + response=$(request templates/apply -X POST -d "$body") check_response "$response" } setup_bucket() { - token=$1 - oid=$2 - name=$3 - age=$4 - shardduration=$5 + oid=$1 + name=$2 + age=$3 + shardduration=$4 - response=$(curl -sk "https://localhost:8086/api/v2/buckets?orgID=$oid&name=$name" -H "Authorization: Token $token") + response=$(request "buckets?orgID=$oid&name=$name") bucketid=$(echo "$response" | jq -r ".buckets[0].id") if [[ -z "$bucketid" || "$bucketid" == null ]]; then - response=$(curl -sk https://localhost:8086/api/v2/buckets -X POST -d "{\"name\":\"$name\",\"orgID\":\"$oid\"}" -H "Authorization: Token $token") + response=$(request buckets -X POST -d "{\"name\":\"$name\",\"orgID\":\"$oid\"}") check_response "$response" bucketid=$(echo "$response" | jq -r .id) fi - response=$(curl -sk "https://localhost:8086/api/v2/buckets/$bucketid" -X PATCH -d "{\"name\":\"$name\",\"retentionRules\":[{\"everySeconds\":$age,\"shardGroupDurationSeconds\":$shardduration,\"type\":\"expire\"}]}" -H "Authorization: Token $token") + response=$(request buckets/$bucketid -X PATCH -d "{\"name\":\"$name\",\"retentionRules\":[{\"everySeconds\":$age,\"shardGroupDurationSeconds\":$shardduration,\"type\":\"expire\"}]}") check_response "$response" } @@ -144,9 +146,8 @@ case "$OP" in newest=$(ls -1t /opt/so/conf/influxdb/templates/ | head -1) if [ /opt/so/conf/influxdb/templates/$newest -nt /opt/so/conf/influxdb/last_template_setup ]; then log "Updating templates" - token=$(lookup_pillar_secret influx_token) - oid=$(lookup_org_id "$token") - stackid=$(lookup_stack_id "$token" "$oid") + oid=$(lookup_org_id) + stackid=$(lookup_stack_id "$oid") for file in /opt/so/conf/influxdb/templates/*; do if [[ "$templates_array" != "" ]]; then templates_array="$templates_array," @@ -154,7 +155,7 @@ case "$OP" in template=$(cat "$file") templates_array="$templates_array{\"contents\":$template}" done - apply_templates "$token" "$oid" "$stackid" "[$templates_array]" + apply_templates "$oid" "$stackid" "[$templates_array]" echo $(date) > /opt/so/conf/influxdb/last_template_setup else log "Templates have not been modified since last setup" @@ -163,14 +164,13 @@ case "$OP" in # Setup buckets and retention periods if at least one has been modified since the last setup if [ /opt/so/conf/influxdb/buckets.json -nt /opt/so/conf/influxdb/last_bucket_setup ]; then log "Updating buckets and retention periods" - token=$(lookup_pillar_secret influx_token) - oid=$(lookup_org_id "$token") + oid=$(lookup_org_id) for rp in so_short_term so_long_term; do bucket=telegraf/$rp log "Ensuring bucket is created and configured; bucket=$bucket" age=$(cat /opt/so/conf/influxdb/buckets.json | jq -r .$rp.duration) shard_duration=$(cat /opt/so/conf/influxdb/buckets.json | jq -r .$rp.shard_duration) - setup_bucket "$token" "$oid" "$bucket" "$age" "$shard_duration" + setup_bucket "$oid" "$bucket" "$age" "$shard_duration" done echo $(date) > /opt/so/conf/influxdb/last_bucket_setup else @@ -180,8 +180,7 @@ case "$OP" in userlist) log "Listing existing users" - token=$(lookup_pillar_secret influx_token) - response=$(curl -sk https://localhost:8086/api/v2/users -H "Authorization: Token $token") + response=$(request users) check_response "$response" echo "$response" | jq -r '.users[] | "\(.id): \(.name) (\(.status))"' ;; @@ -190,31 +189,28 @@ case "$OP" in [ $# -ne 1 ] && usage email=$1 log "Adding new user; email=$email" - token=$(lookup_pillar_secret influx_token) - oid=$(lookup_org_id "$token") - response=$(curl -sk https://localhost:8086/api/v2/users -X POST -d "{\"name\":\"$email\"}" -H "Authorization: Token $token") + oid=$(lookup_org_id) + response=$(request users -X POST -d "{\"name\":\"$email\"}") check_response "$response" uid=$(echo "$response" | jq -r .id) - add_user_to_org "$token" "$uid" "$oid" - change_password "$token" "$uid" + add_user_to_org "$uid" "$oid" + change_password "$uid" ;; userpass) [ $# -ne 1 ] && usage email=$1 log "Updating user password; email=$email" - token=$(lookup_pillar_secret influx_token) - uid=$(lookup_user_id "$token" "$email") - change_password "$token" "$uid" + uid=$(lookup_user_id "$email") + change_password "$uid" ;; userdel) [ $# -ne 1 ] && usage email=$1 log "Deleting user; email=$email" - token=$(lookup_pillar_secret influx_token) - uid=$(lookup_user_id "$token" "$email") - response=$(curl -sk https://localhost:8086/api/v2/users/$uid -X DELETE -H "Authorization: Token $token") + uid=$(lookup_user_id "$email") + response=$(request users/$uid -X DELETE) check_response "$response" ;; @@ -222,9 +218,8 @@ case "$OP" in [ $# -ne 1 ] && usage email=$1 log "Enabling user; email=$email" - token=$(lookup_pillar_secret influx_token) - uid=$(lookup_user_id "$token" "$email") - response=$(curl -sk https://localhost:8086/api/v2/users/$uid -X PATCH -d "{\"name\":\"$email\",\"status\":\"active\"}" -H "Authorization: Token $token") + uid=$(lookup_user_id "$email") + response=$(request users/$uid -X PATCH -d "{\"name\":\"$email\",\"status\":\"active\"}") check_response "$response" ;; @@ -232,9 +227,8 @@ case "$OP" in [ $# -ne 1 ] && usage email=$1 log "Disabling user; email=$email" - token=$(lookup_pillar_secret influx_token) - uid=$(lookup_user_id "$token" "$email") - response=$(curl -sk https://localhost:8086/api/v2/users/$uid -X PATCH -d "{\"name\":\"$email\",\"status\":\"inactive\"}" -H "Authorization: Token $token") + uid=$(lookup_user_id "$email") + response=$(request users/$uid -X PATCH -d "{\"name\":\"$email\",\"status\":\"inactive\"}") check_response "$response" ;; diff --git a/salt/influxdb/curl.config.jinja b/salt/influxdb/curl.config.jinja new file mode 100644 index 000000000..9f636e851 --- /dev/null +++ b/salt/influxdb/curl.config.jinja @@ -0,0 +1 @@ +header = "Authorization: Token {{ salt['pillar.get']('secrets:influx_token') }}" \ No newline at end of file diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index efd46ac7d..5b77a6b49 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -55,6 +55,14 @@ influxdb-templates: - template: jinja - clean: True +influxdb_curl_config: + file.managed: + - name: /opt/so/conf/influxdb/curl.config + - source: salt://influxdb/curl.config.jinja + - mode: 600 + - show_changes: False + - makedirs: True + influxdb-setup: cmd.run: - name: /usr/sbin/so-influxdb-manage setup &>> /opt/so/log/influxdb/setup.log diff --git a/salt/influxdb/templates/container.json b/salt/influxdb/templates/container.json index 8e3b86530..e97ea246b 100644 --- a/salt/influxdb/templates/container.json +++ b/salt/influxdb/templates/container.json @@ -1 +1 @@ -[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-container"},"spec":{"language":"flux","name":"Container","query":"import \"array\"\n\ndynamic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"host\"] == v.Host)\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> keep(columns: [\"container_name\"])\n |> rename(fn: (column) => \"_value\")\n |> unique()\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["cool_gauss"],"type":"query"}}] +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-container"},"spec":{"language":"flux","name":"Container","query":"import \"array\"\n\ndynamic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"host\"] == v.Host)\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> keep(columns: [\"container_name\"])\n |> rename(fn: (column) => \"_value\")\n |> unique()\n\nstatic = array.from(\n rows: [\n {\n _value: \"(All)\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["cool_gauss"],"type":"query"}}] diff --git a/salt/influxdb/templates/host.json b/salt/influxdb/templates/host.json index 8e465c803..293884aab 100644 --- a/salt/influxdb/templates/host.json +++ b/salt/influxdb/templates/host.json @@ -1 +1 @@ -[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-host"},"spec":{"language":"flux","name":"Host","query":"import \"influxdata/influxdb/schema\"\nimport \"array\"\n\ndynamic = schema.tagValues(bucket: \"telegraf/so_short_term\", tag: \"host\")\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["dev"],"type":"query"}}] +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-host"},"spec":{"language":"flux","name":"Host","query":"import \"influxdata/influxdb/schema\"\nimport \"array\"\n\ndynamic = schema.tagValues(bucket: \"telegraf/so_short_term\", tag: \"host\")\n\nstatic = array.from(\n rows: [\n {\n _value: \"(All)\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["dev"],"type":"query"}}] diff --git a/salt/influxdb/templates/role.json b/salt/influxdb/templates/role.json index af65a14f3..b189dddc8 100644 --- a/salt/influxdb/templates/role.json +++ b/salt/influxdb/templates/role.json @@ -1 +1 @@ -[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-role"},"spec":{"language":"flux","name":"Role","query":"import \"influxdata/influxdb/schema\"\nimport \"array\"\n\ndynamic = schema.tagValues(bucket: \"telegraf/so_short_term\", tag: \"role\")\n\nstatic = array.from(\n rows: [\n {\n _value: \"All\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["standalone"],"type":"query"}}] +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Variable","metadata":{"name":"variable-role"},"spec":{"language":"flux","name":"Role","query":"import \"influxdata/influxdb/schema\"\nimport \"array\"\n\ndynamic = schema.tagValues(bucket: \"telegraf/so_short_term\", tag: \"role\")\n\nstatic = array.from(\n rows: [\n {\n _value: \"(All)\",\n },\n ],\n)\n\nunion(tables: [static, dynamic])","selected":["standalone"],"type":"query"}}] From 34d19e308fe742a435ed1d7185ead54f315af833 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Fri, 10 Feb 2023 19:42:25 -0500 Subject: [PATCH 44/62] influx upgrade --- salt/influxdb/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index 5b77a6b49..396b9567c 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -60,6 +60,7 @@ influxdb_curl_config: - name: /opt/so/conf/influxdb/curl.config - source: salt://influxdb/curl.config.jinja - mode: 600 + - template: jinja - show_changes: False - makedirs: True From 47af14c2655fd8f8e8975983ef300dd60af471da Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 13 Feb 2023 09:51:48 -0500 Subject: [PATCH 45/62] upgrade influx --- salt/common/tools/sbin/so-influxdb-clean | 45 ------------ salt/common/tools/sbin/so-influxdb-downsample | 55 --------------- .../tools/sbin/so-influxdb-drop-autogen | 26 ------- salt/influxdb/buckets.json.jinja | 2 - salt/influxdb/config.yaml.jinja | 2 - salt/influxdb/init.sls | 7 ++ salt/influxdb/templates/downsample.json | 1 + .../templates/security_onion_performance.json | 2 +- .../files/influxdb_continuous_query.py.patch | 4 -- .../files/influxdb_retention_policy.py.patch | 16 ----- salt/salt/files/influxdbmod.py.patch | 16 ----- salt/salt/map.jinja | 8 --- salt/salt/minion.sls | 15 ---- salt/salt/python3-influxdb.sls | 70 ------------------- 14 files changed, 9 insertions(+), 260 deletions(-) delete mode 100755 salt/common/tools/sbin/so-influxdb-clean delete mode 100755 salt/common/tools/sbin/so-influxdb-downsample delete mode 100755 salt/common/tools/sbin/so-influxdb-drop-autogen create mode 100644 salt/influxdb/templates/downsample.json delete mode 100644 salt/salt/files/influxdb_continuous_query.py.patch delete mode 100644 salt/salt/files/influxdb_retention_policy.py.patch delete mode 100644 salt/salt/files/influxdbmod.py.patch delete mode 100644 salt/salt/python3-influxdb.sls diff --git a/salt/common/tools/sbin/so-influxdb-clean b/salt/common/tools/sbin/so-influxdb-clean deleted file mode 100755 index 1b903bbe5..000000000 --- a/salt/common/tools/sbin/so-influxdb-clean +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - - -. /usr/sbin/so-common - -wdurregex="^[0-9]+w$" -ddurregex="^[0-9]+d$" - -echo -e "\nThis script is used to reduce the size of InfluxDB by removing old data and retaining only the duration specified." -echo "The duration will need to be specified as an integer followed by the duration unit without a space." -echo -e "\nFor example, to purge all data but retain the past 12 weeks, specify 12w for the duration." -echo "The duration units are as follows:" -echo " w - week(s)" -echo " d - day(s)" - -while true; do - echo "" - read -p 'Enter the duration of past data that you would like to retain: ' duration - duration=$(echo $duration | tr '[:upper:]' '[:lower:]') - - if [[ "$duration" =~ $wdurregex ]] || [[ "$duration" =~ $ddurregex ]]; then - break - fi - - echo -e "\nInvalid duration." -done - -echo -e "\nInfluxDB will now be cleaned and leave only the past $duration worth of data." -read -r -p "Are you sure you want to continue? [y/N] " yorn -if [[ "$yorn" =~ ^([yY][eE][sS]|[yY])$ ]]; then - echo -e "\nCleaning InfluxDb and saving only the past $duration. This may could take several minutes depending on how much data needs to be cleaned." - if docker exec -t so-influxdb /bin/bash -c "influx -ssl -unsafeSsl -database telegraf -execute \"DELETE FROM /.*/ WHERE \"time\" >= '2020-01-01T00:00:00.0000000Z' AND \"time\" <= now() - $duration\""; then - echo -e "\nInfluxDb clean complete." - else - echo -e "\nSomething went wrong with cleaning InfluxDB. Please verify that the so-influxdb Docker container is running, and check the log at /opt/so/log/influxdb/influxdb.log for any details." - fi -else - echo -e "\nExiting as requested." -fi diff --git a/salt/common/tools/sbin/so-influxdb-downsample b/salt/common/tools/sbin/so-influxdb-downsample deleted file mode 100755 index ef44cd91d..000000000 --- a/salt/common/tools/sbin/so-influxdb-downsample +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - -{%- set role = grains.id.split('_') | last %} -{%- if role in ['manager', 'managersearch', 'eval', 'standalone'] %} - {%- import_yaml 'influxdb/defaults.yaml' as default_settings %} - {%- set influxdb = salt['grains.filter_by'](default_settings, default='influxdb', merge=salt['pillar.get']('influxdb', {})) %} - -. /usr/sbin/so-common - -echo -e "\nThis script is used to reduce the size of InfluxDB by downsampling old data into the so_long_term retention policy." - -echo -e "\nInfluxDB will now be downsampled. This could take a few hours depending on how large the database is and hardware resources available." -read -r -p "Are you sure you want to continue? [y/N] " yorn -if [[ "$yorn" =~ ^([yY][eE][sS]|[yY])$ ]]; then - echo -e "\nDownsampling InfluxDb started at `date`. This may take several hours depending on how much data needs to be downsampled." - - {% for dest_rp in influxdb.downsample.keys() -%} - {% for measurement in influxdb.downsample[dest_rp].get('measurements', []) -%} - - day=0 - startdate=`date` - while docker exec -t so-influxdb /bin/bash -c "influx -ssl -unsafeSsl -database telegraf -execute \"SELECT mean(*) INTO \"so_long_term\".\"{{measurement}}\" FROM \"autogen\".\"{{measurement}}\" WHERE \"time\" >= '2020-07-21T00:00:00.0000000Z' + ${day}d AND \"time\" <= '2020-07-21T00:00:00.0000000Z' + $((day+1))d GROUP BY time(5m),*\""; do - # why 2020-07-21? - migrationdate=`date -d "2020-07-21 + ${day} days" +"%y-%m-%d"` - - echo "Downsampling of measurement: {{measurement}} from $migrationdate started at $startdate and completed at `date`." - - newdaytomigrate=$(date -d "$migrationdate + 1 days" +"%s") - today=$(date +"%s") - if [ $newdaytomigrate -ge $today ]; then - break - else - ((day=day+1)) - startdate=`date` - echo -e "\nDownsampling the next day's worth of data for measurement: {{measurement}}." - fi - done - - {% endfor -%} - {% endfor -%} - - echo -e "\nInfluxDb data downsampling complete." - -else - echo -e "\nExiting as requested." -fi -{%- else %} -echo -e "\nThis script can only be run on a node running InfluxDB." -{%- endif %} diff --git a/salt/common/tools/sbin/so-influxdb-drop-autogen b/salt/common/tools/sbin/so-influxdb-drop-autogen deleted file mode 100755 index 5fe7b6e73..000000000 --- a/salt/common/tools/sbin/so-influxdb-drop-autogen +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash - -# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one -# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at -# https://securityonion.net/license; you may not use this file except in compliance with the -# Elastic License 2.0. - - - -. /usr/sbin/so-common - -echo -e "\nThis script is used to reduce the size of InfluxDB by dropping the autogen retention policy." -echo "If you want to retain historical data prior to 2.3.60, then this should only be run after you have downsampled your data using so-influxdb-downsample." - -echo -e "\nThe autogen retention policy will now be dropped from InfluxDB." -read -r -p "Are you sure you want to continue? [y/N] " yorn -if [[ "$yorn" =~ ^([yY][eE][sS]|[yY])$ ]]; then - echo -e "\nDropping autogen retention policy." - if docker exec -t so-influxdb influx -format json -ssl -unsafeSsl -execute "drop retention policy autogen on telegraf"; then - echo -e "\nAutogen retention policy dropped from InfluxDb." - else - echo -e "\nSomething went wrong dropping then autogen retention policy from InfluxDB. Please verify that the so-influxdb Docker container is running, and check the log at /opt/so/log/influxdb/influxdb.log for any details." - fi -else - echo -e "\nExiting as requested." -fi diff --git a/salt/influxdb/buckets.json.jinja b/salt/influxdb/buckets.json.jinja index 1e4655d31..727d224be 100644 --- a/salt/influxdb/buckets.json.jinja +++ b/salt/influxdb/buckets.json.jinja @@ -1,3 +1 @@ -{%- from 'influxdb/map.jinja' import INFLUXMERGED %} - {{ INFLUXMERGED.buckets | json }} \ No newline at end of file diff --git a/salt/influxdb/config.yaml.jinja b/salt/influxdb/config.yaml.jinja index 50b8ff940..9d65fde3f 100644 --- a/salt/influxdb/config.yaml.jinja +++ b/salt/influxdb/config.yaml.jinja @@ -1,3 +1 @@ -{%- from 'influxdb/map.jinja' import INFLUXMERGED %} - {{ INFLUXMERGED.config | yaml(false) }} \ No newline at end of file diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index 396b9567c..ff6466bb4 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -2,6 +2,7 @@ {% if sls in allowed_states %} {% from 'docker/docker.map.jinja' import DOCKER %} {% from 'vars/globals.map.jinja' import GLOBALS %} +{% from 'influxdb/map.jinja' import INFLUXMERGED %} {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-standalone', 'so-eval', 'so-import'] %} {% set PASSWORD = salt['pillar.get']('secrets:influx_pass') %} @@ -37,6 +38,8 @@ influxdbconf: - user: 939 - group: 939 - template: jinja + - defaults: + INFLUXMERGED: {{ INFLUXMERGED }} influxdbbucketsconf: file.managed: @@ -45,6 +48,8 @@ influxdbbucketsconf: - user: 939 - group: 939 - template: jinja + - defaults: + INFLUXMERGED: {{ INFLUXMERGED }} influxdb-templates: file.recurse: @@ -54,6 +59,8 @@ influxdb-templates: - group: 939 - template: jinja - clean: True + - defaults: + INFLUXMERGED: {{ INFLUXMERGED }} influxdb_curl_config: file.managed: diff --git a/salt/influxdb/templates/downsample.json b/salt/influxdb/templates/downsample.json new file mode 100644 index 000000000..62484638c --- /dev/null +++ b/salt/influxdb/templates/downsample.json @@ -0,0 +1 @@ +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Task","metadata":{"name":"task-downsample"},"spec":{"every":"{{ INFLUXMERGED.downsample.so_long_term.resolution }}","name":"test","query":"import \"types\"\n\n\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: -task.every)\n |> filter(fn: (r) => types.isNumeric(v: r._value))\n |> aggregateWindow(every: task.every, fn: mean)\n |> to(bucket: \"telegraf/so_long_term\")"}}] \ No newline at end of file diff --git a/salt/influxdb/templates/security_onion_performance.json b/salt/influxdb/templates/security_onion_performance.json index 9baa33b8d..d1ad8dad7 100644 --- a/salt/influxdb/templates/security_onion_performance.json +++ b/salt/influxdb/templates/security_onion_performance.json @@ -1 +1 @@ -[{"apiVersion":"influxdata.com/v2alpha1","kind":"Dashboard","metadata":{"name":"dashboard-so"},"spec":{"charts":[{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Uptime","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60)}))\n |> group(columns: [\"host\"])\n |> last()\n |> lowestMin(n:1)"}],"staticLegend":{},"suffix":" days","width":1},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"CPU Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"yPos":2},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Redis Queue","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_unparsed\")\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60)}))\n |> yield(name: \"last\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_uptime\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0)}))\n |> yield(name: \"last\")"}],"shade":true,"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_drop\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer PCAP Retention","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_seconds\")\n |> set(key: \"_field\", value: \"Trend\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"5m Load Average","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load5\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":1},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"IOWait","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Estimated EPS In","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> hostFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":3},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Memory Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":3,"yPos":2},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" e/s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Logstash EPS","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> set(key: \"_field\", value: \"Trend In\")\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> set(key: \"_field\", value: \"Trend Out\")\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":3,"yCol":"_value","yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Suricata Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":3,"yCol":"_value","yPos":30},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Redis Queue","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":4},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60 * 1000000000)}))\n |> yield(name: \"last\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0 * 1000000000.0)}))\n |> yield(name: \"last\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"yT5vTIlaaFChSrQvKLfqf","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"mzzUVSu3ibTph1JmQmDAQ","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"mOcnDo7l8ii6qNLFIB5rs","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":22},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Monitor Traffic","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\") \n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0 / (1000.0 * 1000.0)}))\n |> group(columns: [\"host\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" Mb/s","width":1,"xPos":5},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Zeek Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":6},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":50},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":70},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Swap Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":6,"yPos":2},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elastic Ingest Time Spent","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_community_id_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"community.id_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_conditional_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"conditional_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_index_name_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date.index.name_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dissect_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dissect_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dot_expander_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dot.expander_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_geoip_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"geoip_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_grok_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"grok_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_json_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"json_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_kv_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"kv_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_lowercase_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"lowercase_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_rename_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"rename_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_script_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"script_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_user_agent_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"user.agent_time\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Outbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_sent\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /nsm","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key:\"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Storage Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"store_size_in_bytes\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_store_size_in_bytes\")\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Suricata Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":7},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Stenographer Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":8},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"1m Load Average","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load1\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_load1\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":10,"yTickStep":1},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"UAehjIsi65P8u92M_3sQY","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"_SCP8Npp4NVMx2N4mfuzX","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"BoMPg4R1KDp_UsRORdV3_","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"IO Wait","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Swap Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Drops - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"drop_in\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":22},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Capture Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":9},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":95},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":85},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"NSM Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":9,"yPos":2},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Document Count","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"docs_count\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_docs_count\")\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Capture Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_loss\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"InfluxDB Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"mean_kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"viridian","type":"text","hex":"#32B08C"},{"id":"SpQHOj76fJwL4uNUdgA_L","name":"pineapple","type":"text","hex":"#FFB94A","value":85},{"id":"FALp969me_9GTrRtLYaab","name":"ruby","type":"text","hex":"#BF3D5E","value":95}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"RootFS Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","width":1,"xPos":10},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"PCAP Retention","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0)}))\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" days","width":1,"xPos":11}],"name":"Security Onion Performance"}}] +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Dashboard","metadata":{"name":"dashboard-so"},"spec":{"charts":[{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Uptime","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60)}))\n |> group(columns: [\"host\"])\n |> last()\n |> lowestMin(n:1)"}],"staticLegend":{},"suffix":" days","width":1},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"CPU Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"yPos":2},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Redis Queue","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60)}))\n |> yield(name: \"last\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0)}))\n |> yield(name: \"last\")"}],"shade":true,"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer PCAP Retention","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> set(key: \"_field\", value: \"Trend\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"5m Load Average","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load5\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":1},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"IOWait","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Estimated EPS In","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> hostFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":3},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Memory Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":3,"yPos":2},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" e/s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Logstash EPS","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> set(key: \"_field\", value: \"Trend In\")\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> set(key: \"_field\", value: \"Trend Out\")\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":3,"yCol":"_value","yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Suricata Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":3,"yCol":"_value","yPos":30},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Redis Queue","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":4},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60 * 1000000000)}))\n |> yield(name: \"last\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0 * 1000000000.0)}))\n |> yield(name: \"last\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"yT5vTIlaaFChSrQvKLfqf","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"mzzUVSu3ibTph1JmQmDAQ","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"mOcnDo7l8ii6qNLFIB5rs","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":22},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Monitor Traffic","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\") \n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0 / (1000.0 * 1000.0)}))\n |> group(columns: [\"host\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" Mb/s","width":1,"xPos":5},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Zeek Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":6},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":50},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":70},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Swap Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":6,"yPos":2},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elastic Ingest Time Spent","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_community_id_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"community.id_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_conditional_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"conditional_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_index_name_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date.index.name_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dissect_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dissect_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dot_expander_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dot.expander_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_geoip_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"geoip_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_grok_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"grok_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_json_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"json_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_kv_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"kv_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_lowercase_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"lowercase_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_rename_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"rename_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_script_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"script_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_user_agent_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"user.agent_time\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Outbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_sent\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /nsm","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key:\"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Storage Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"store_size_in_bytes\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"store_size_in_bytes\")\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Suricata Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":7},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Stenographer Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":8},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"1m Load Average","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load1\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load1\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":10,"yTickStep":1},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"UAehjIsi65P8u92M_3sQY","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"_SCP8Npp4NVMx2N4mfuzX","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"BoMPg4R1KDp_UsRORdV3_","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"IO Wait","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Swap Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Drops - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"drop_in\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":22},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Capture Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":9},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":95},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":85},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"NSM Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":9,"yPos":2},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Document Count","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"docs_count\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"docs_count\")\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Capture Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"InfluxDB Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"viridian","type":"text","hex":"#32B08C"},{"id":"SpQHOj76fJwL4uNUdgA_L","name":"pineapple","type":"text","hex":"#FFB94A","value":85},{"id":"FALp969me_9GTrRtLYaab","name":"ruby","type":"text","hex":"#BF3D5E","value":95}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"RootFS Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","width":1,"xPos":10},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"PCAP Retention","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0)}))\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" days","width":1,"xPos":11}],"name":"Security Onion Performance"}}] diff --git a/salt/salt/files/influxdb_continuous_query.py.patch b/salt/salt/files/influxdb_continuous_query.py.patch deleted file mode 100644 index 0922342fa..000000000 --- a/salt/salt/files/influxdb_continuous_query.py.patch +++ /dev/null @@ -1,4 +0,0 @@ -56c56 -< database, name, query, resample_time, coverage_period ---- -> database, name, query, resample_time, coverage_period, **client_args diff --git a/salt/salt/files/influxdb_retention_policy.py.patch b/salt/salt/files/influxdb_retention_policy.py.patch deleted file mode 100644 index 917d96a30..000000000 --- a/salt/salt/files/influxdb_retention_policy.py.patch +++ /dev/null @@ -1,16 +0,0 @@ -34c34 -< hours = int(duration.split("h")) ---- -> hours = int(duration.split("h")[0]) -48c48 -< def present(name, database, duration="7d", replication=1, default=False, **client_args): ---- -> def present(name, database, duration="7d", replication=1, default=False, shard_duration="1d", **client_args): -73c73 -< database, name, duration, replication, default, **client_args ---- -> database, name, duration, replication, shard_duration, default, **client_args -113c113 -< database, name, duration, replication, default, **client_args ---- -> database, name, duration, replication, shard_duration, default, **client_args diff --git a/salt/salt/files/influxdbmod.py.patch b/salt/salt/files/influxdbmod.py.patch deleted file mode 100644 index 150fdfe15..000000000 --- a/salt/salt/files/influxdbmod.py.patch +++ /dev/null @@ -1,16 +0,0 @@ -421c421 -< database, name, duration, replication, default=False, **client_args ---- -> database, name, duration, replication, shard_duration, default=False, **client_args -456c456 -< client.create_retention_policy(name, duration, replication, database, default) ---- -> client.create_retention_policy(name, duration, replication, database, default, shard_duration) -462c462 -< database, name, duration, replication, default=False, **client_args ---- -> database, name, duration, replication, shard_duration, default=False, **client_args -498c498 -< client.alter_retention_policy(name, database, duration, replication, default) ---- -> client.alter_retention_policy(name, database, duration, replication, default, shard_duration) diff --git a/salt/salt/map.jinja b/salt/salt/map.jinja index 389a95607..de660d844 100644 --- a/salt/salt/map.jinja +++ b/salt/salt/map.jinja @@ -7,10 +7,6 @@ {% set SALTPACKAGES = ['salt-common', 'salt-master', 'salt-minion'] %} {% set SALT_STATE_CODE_PATH = '/usr/lib/python3/dist-packages/salt/states' %} {% set SALT_MODULE_CODE_PATH = '/usr/lib/python3/dist-packages/salt/modules' %} - {% set PYTHONINFLUXVERSION = '5.3.1' %} - {% set PYTHON3INFLUX= 'influxdb == ' ~ PYTHONINFLUXVERSION %} - {% set PYTHON3INFLUXDEPS= ['certifi', 'chardet', 'python-dateutil', 'pytz', 'requests'] %} - {% set PYTHONINSTALLER = 'pip' %} {% set SYSTEMD_UNIT_FILE = '/lib/systemd/system/salt-minion.service' %} {% else %} {% set SPLITCHAR = '-' %} @@ -18,10 +14,6 @@ {% set SALTPACKAGES = ['salt', 'salt-master', 'salt-minion'] %} {% set SALT_STATE_CODE_PATH = '/usr/lib/python3.6/site-packages/salt/states' %} {% set SALT_MODULE_CODE_PATH = '/usr/lib/python3.6/site-packages/salt/modules' %} - {% set PYTHONINFLUXVERSION = '5.3.1' %} - {% set PYTHON3INFLUX= 'securityonion-python3-influxdb' %} - {% set PYTHON3INFLUXDEPS= ['python36-certifi', 'python36-chardet', 'python36-dateutil', 'python36-pytz', 'python36-requests'] %} - {% set PYTHONINSTALLER = 'pkg' %} {% set SYSTEMD_UNIT_FILE = '/usr/lib/systemd/system/salt-minion.service' %} {% endif %} diff --git a/salt/salt/minion.sls b/salt/salt/minion.sls index 50bb865df..245324473 100644 --- a/salt/salt/minion.sls +++ b/salt/salt/minion.sls @@ -34,21 +34,6 @@ install_salt_minion: exec 2>&- # close stderr nohup /bin/sh -c '{{ UPGRADECOMMAND }}' & - {# if we are the salt master #} - {% if grains.id.split('_')|first == grains.master %} -remove_influxdb_continuous_query_state_file: - file.absent: - - name: /opt/so/state/influxdb_continuous_query.py.patched - -remove_influxdbmod_state_file: - file.absent: - - name: /opt/so/state/influxdbmod.py.patched - -remove_influxdb_retention_policy_state_file: - file.absent: - - name: /opt/so/state/influxdb_retention_policy.py.patched - {% endif %} - {% endif %} {% if INSTALLEDSALTVERSION|string == SALTVERSION|string %} diff --git a/salt/salt/python3-influxdb.sls b/salt/salt/python3-influxdb.sls deleted file mode 100644 index 7a59c4303..000000000 --- a/salt/salt/python3-influxdb.sls +++ /dev/null @@ -1,70 +0,0 @@ -{% from "salt/map.jinja" import SALT_STATE_CODE_PATH with context %} -{% from "salt/map.jinja" import SALT_MODULE_CODE_PATH with context %} -{% from "salt/map.jinja" import PYTHON3INFLUX with context %} -{% from "salt/map.jinja" import PYTHON3INFLUXDEPS with context %} -{% from "salt/map.jinja" import PYTHONINSTALLER with context %} - -include: - - salt.helper-packages - -python3_influxdb_dependencies: - {{PYTHONINSTALLER}}.installed: - - pkgs: {{ PYTHON3INFLUXDEPS }} - -python3_influxdb: - {{PYTHONINSTALLER}}.installed: - - name: {{ PYTHON3INFLUX }} - -# We circumvent the file.patch state putting ERROR in the log by using the unless and file.touch below -# https://github.com/saltstack/salt/pull/47010 and https://github.com/saltstack/salt/issues/52329 - -#https://github.com/saltstack/salt/issues/59766 -influxdb_continuous_query.present_patch: - file.patch: - - name: {{ SALT_STATE_CODE_PATH }}/influxdb_continuous_query.py - - source: salt://salt/files/influxdb_continuous_query.py.patch - - require: - - {{PYTHONINSTALLER}}: python3_influxdb - - pkg: patch_package - - unless: ls /opt/so/state/influxdb_continuous_query.py.patched - -influxdb_continuous_query.py.patched: - file.touch: - - name: /opt/so/state/influxdb_continuous_query.py.patched - - onchanges: - - file: influxdb_continuous_query.present_patch - -#https://github.com/saltstack/salt/issues/59761 -influxdb_retention_policy.present_patch: - file.patch: - - name: {{ SALT_STATE_CODE_PATH }}/influxdb_retention_policy.py - - source: salt://salt/files/influxdb_retention_policy.py.patch - - require: - - {{PYTHONINSTALLER}}: python3_influxdb - - pkg: patch_package - - unless: ls /opt/so/state/influxdb_retention_policy.py.patched - -influxdb_retention_policy.py.patched: - file.touch: - - name: /opt/so/state/influxdb_retention_policy.py.patched - - onchanges: - - file: influxdb_retention_policy.present_patch - -# We should be able to set reload_modules: True in this state in order to tell salt to reload its python modules due to us possibly installing -# and possibly modifying modules in this state. This is bugged according to https://github.com/saltstack/salt/issues/24925 -influxdbmod.py_shard_duration_patch: - file.patch: - - name: {{ SALT_MODULE_CODE_PATH }}/influxdbmod.py - - source: salt://salt/files/influxdbmod.py.patch - - require: - - {{PYTHONINSTALLER}}: python3_influxdb - - pkg: patch_package - - unless: ls /opt/so/state/influxdbmod.py.patched - -influxdbmod.py.patched: - file.touch: - - name: /opt/so/state/influxdbmod.py.patched - - onchanges: - - file: influxdbmod.py_shard_duration_patch - - From 7b3acd53a1e0daeedf569d91143d6e02ecdcdb61 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 13 Feb 2023 09:55:45 -0500 Subject: [PATCH 46/62] upgrade influx --- salt/influxdb/templates/downsample.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/influxdb/templates/downsample.json b/salt/influxdb/templates/downsample.json index 62484638c..c9926f371 100644 --- a/salt/influxdb/templates/downsample.json +++ b/salt/influxdb/templates/downsample.json @@ -1 +1 @@ -[{"apiVersion":"influxdata.com/v2alpha1","kind":"Task","metadata":{"name":"task-downsample"},"spec":{"every":"{{ INFLUXMERGED.downsample.so_long_term.resolution }}","name":"test","query":"import \"types\"\n\n\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: -task.every)\n |> filter(fn: (r) => types.isNumeric(v: r._value))\n |> aggregateWindow(every: task.every, fn: mean)\n |> to(bucket: \"telegraf/so_long_term\")"}}] \ No newline at end of file +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Task","metadata":{"name":"task-downsample"},"spec":{"every":"{{ INFLUXMERGED.downsample.so_long_term.resolution }}","name":"Downsample","query":"import \"types\"\n\n\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: -task.every)\n |> filter(fn: (r) => types.isNumeric(v: r._value))\n |> aggregateWindow(every: task.every, fn: mean)\n |> to(bucket: \"telegraf/so_long_term\")"}}] \ No newline at end of file From 40d3269db31984b5826a0ae900ece3f74437cdb7 Mon Sep 17 00:00:00 2001 From: weslambert Date: Mon, 13 Feb 2023 09:58:39 -0500 Subject: [PATCH 47/62] Remove 'so-filebeat' from list of trusted containers --- salt/common/tools/sbin/so-image-common | 3 --- 1 file changed, 3 deletions(-) diff --git a/salt/common/tools/sbin/so-image-common b/salt/common/tools/sbin/so-image-common index 945d3f4ed..fb74907bd 100755 --- a/salt/common/tools/sbin/so-image-common +++ b/salt/common/tools/sbin/so-image-common @@ -25,7 +25,6 @@ container_list() { if [ $MANAGERCHECK == 'so-import' ]; then TRUSTED_CONTAINERS=( "so-elasticsearch" - "so-filebeat" "so-idstools" "so-influxdb" "so-kibana" @@ -47,7 +46,6 @@ container_list() { "so-elastic-agent" "so-elastic-agent-builder" "so-elasticsearch" - "so-filebeat" "so-grafana" "so-idh" "so-idstools" @@ -73,7 +71,6 @@ container_list() { ) else TRUSTED_CONTAINERS=( - "so-filebeat" "so-idstools" "so-elasticsearch" "so-logstash" From 1fa8294ee6c96a22e2f004f5aacf49f277d1285f Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 13 Feb 2023 14:56:51 -0500 Subject: [PATCH 48/62] influx upgrade --- salt/common/tools/sbin/so-influxdb-manage | 78 +++++++++++++++-------- salt/common/tools/sbin/so-user | 9 +++ salt/influxdb/init.sls | 12 ++-- 3 files changed, 70 insertions(+), 29 deletions(-) diff --git a/salt/common/tools/sbin/so-influxdb-manage b/salt/common/tools/sbin/so-influxdb-manage index 964a1b517..96b0c01f9 100644 --- a/salt/common/tools/sbin/so-influxdb-manage +++ b/salt/common/tools/sbin/so-influxdb-manage @@ -18,6 +18,8 @@ usage() { echo " userenable Enables a user, requires: " echo " userdisable Disables a user, requires: " echo " userpass Updates a user's password, requires: " + echo " userpromote Promotes a user to admin: " + echo " userdemote Demotes a user from admin: " echo "" echo "If required, the password will be read from STDIN." exit 1 @@ -27,13 +29,14 @@ if [ $# -lt 1 ]; then usage fi +COMMAND=$(basename $0) OP=$1 shift set -eo pipefail log() { - echo -e "$(date) | InfluxDB | $@" >&2 + echo -e "$(date) | $COMMAND | $@" >&2 } check_response() { @@ -61,17 +64,6 @@ lookup_user_id() { echo "$uid" } -lookup_org_id() { - response=$(request orgs?limit=100) - check_response "$response" - oid=$(echo "$response" | jq -r ".orgs[] | select(.name == \"Security Onion\").id") - if [[ -z "$oid" ]]; then - log "Organization not found" - exit 1 - fi - echo "$oid" -} - lookup_stack_id() { oid=$1 @@ -86,15 +78,6 @@ lookup_stack_id() { echo "$stackid" } -add_user_to_org() { - uid=$1 - oid=$2 - - log "Adding new user to organization" - response=$(request orgs/$oid/members -X POST -d "{\"id\":\"$uid\"}") - check_response "$response" -} - change_password() { uid=$1 @@ -137,6 +120,30 @@ setup_bucket() { check_response "$response" } +lookup_org_id_with_wait() { + max_attempts=30 + attempts=0 + wait=10 + while [[ $attempts -lt $max_attempts ]]; do + response=$(request orgs?org=Security+Onion) + check_response "$response" + oid=$(echo "$response" | jq -r ".orgs[] | select(.name == \"Security Onion\").id") + if [[ -z $oid ]]; then + attempts=$((attempts+1)) + log "Server does not appear to be running or fully initialized - will try again in $wait seconds ($attempts / $max_attempts)" + sleep $wait + else + echo "$oid" + return + fi + done + + log "Server has not started after $max_attempts attempts - aborting" + exit 1 +} + +oid=$(lookup_org_id_with_wait) + case "$OP" in setup) @@ -146,7 +153,6 @@ case "$OP" in newest=$(ls -1t /opt/so/conf/influxdb/templates/ | head -1) if [ /opt/so/conf/influxdb/templates/$newest -nt /opt/so/conf/influxdb/last_template_setup ]; then log "Updating templates" - oid=$(lookup_org_id) stackid=$(lookup_stack_id "$oid") for file in /opt/so/conf/influxdb/templates/*; do if [[ "$templates_array" != "" ]]; then @@ -164,7 +170,6 @@ case "$OP" in # Setup buckets and retention periods if at least one has been modified since the last setup if [ /opt/so/conf/influxdb/buckets.json -nt /opt/so/conf/influxdb/last_bucket_setup ]; then log "Updating buckets and retention periods" - oid=$(lookup_org_id) for rp in so_short_term so_long_term; do bucket=telegraf/$rp log "Ensuring bucket is created and configured; bucket=$bucket" @@ -189,11 +194,14 @@ case "$OP" in [ $# -ne 1 ] && usage email=$1 log "Adding new user; email=$email" - oid=$(lookup_org_id) response=$(request users -X POST -d "{\"name\":\"$email\"}") check_response "$response" uid=$(echo "$response" | jq -r .id) - add_user_to_org "$uid" "$oid" + + log "Adding new user to organization" + response=$(request orgs/$oid/members -X POST -d "{\"id\":\"$uid\"}") + check_response "$response" + change_password "$uid" ;; @@ -232,6 +240,26 @@ case "$OP" in check_response "$response" ;; + userpromote) + [ $# -ne 1 ] && usage + email=$1 + log "Promoting user to admin; email=$email" + uid=$(lookup_user_id "$email") + response=$(request orgs/$oid/members/$uid -X DELETE) + response=$(request orgs/$oid/owners -X POST -d "{\"id\":\"$uid\"}") + check_response "$response" + ;; + + userdemote) + [ $# -ne 1 ] && usage + email=$1 + log "Demoting user from admin; email=$email" + uid=$(lookup_user_id "$email") + response=$(request orgs/$oid/owners/$uid -X DELETE) + response=$(request orgs/$oid/members -X POST -d "{\"id\":\"$uid\"}") + check_response "$response" + ;; + *) usage ;; diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user index da6f3a4fb..4ad3983b4 100755 --- a/salt/common/tools/sbin/so-user +++ b/salt/common/tools/sbin/so-user @@ -588,6 +588,9 @@ case "${operation}" in syncAll echo "Successfully added new user to SOC" echo "$password" | so-influxdb-manage useradd "$email" + if [[ "$role" == "superuser" ]]; then + echo "$password" | so-influxdb-manage userpromote "$email" + fi ;; "list") @@ -605,6 +608,9 @@ case "${operation}" in if addUserRole "$email" "$role"; then syncElastic echo "Successfully added role to user" + if [[ "$role" == "superuser" ]]; then + echo "$password" | so-influxdb-manage userpromote "$email" + fi fi ;; @@ -618,6 +624,9 @@ case "${operation}" in deleteUserRole "$email" "$role" syncElastic echo "Successfully removed role from user" + if [[ "$role" == "superuser" ]]; then + echo "$password" | so-influxdb-manage userdemote "$email" + fi ;; "password") diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index ff6466bb4..4872a5a40 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -71,10 +71,6 @@ influxdb_curl_config: - show_changes: False - makedirs: True -influxdb-setup: - cmd.run: - - name: /usr/sbin/so-influxdb-manage setup &>> /opt/so/log/influxdb/setup.log - so-influxdb: docker_container.running: - image: {{ GLOBALS.registry_host }}:5000/{{ GLOBALS.image_repo }}/so-influxdb:{{ GLOBALS.so_version }} @@ -113,6 +109,14 @@ append_so-influxdb_so-status.conf: - name: /opt/so/conf/so-status/so-status.conf - text: so-influxdb +influxdb-setup: + cmd.run: + - name: /usr/sbin/so-influxdb-manage setup &>> /opt/so/log/influxdb/setup.log + - require: + - file: influxdbbucketsconf + - file: influxdb_curl_conf + - docker_container: so-influxdb + # Install cron job to determine size of influxdb for telegraf get_influxdb_size: cron.present: From e3ca0345a84068d765b3b382c3cfd4469f8c44eb Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 13 Feb 2023 15:41:37 -0500 Subject: [PATCH 49/62] upgrade influx --- salt/influxdb/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index 4872a5a40..f40b1b669 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -114,7 +114,7 @@ influxdb-setup: - name: /usr/sbin/so-influxdb-manage setup &>> /opt/so/log/influxdb/setup.log - require: - file: influxdbbucketsconf - - file: influxdb_curl_conf + - file: influxdb_curl_config - docker_container: so-influxdb # Install cron job to determine size of influxdb for telegraf From 0890129c6971c209a99150424c30cd4f0f530681 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 13 Feb 2023 19:30:10 -0500 Subject: [PATCH 50/62] influx upgrade --- salt/influxdb/templates/alarm_deadman.json | 18 +++++++++++ salt/influxdb/templates/alarm_nsm_disk.json | 32 +++++++++++++++++++ salt/influxdb/templates/alarm_root_disk.json | 32 +++++++++++++++++++ .../dashboard-security_onion_performance.json | 1 + .../templates/security_onion_performance.json | 1 - ...container.json => variable-container.json} | 0 .../{host.json => variable-host.json} | 0 .../{role.json => variable-role.json} | 0 8 files changed, 83 insertions(+), 1 deletion(-) create mode 100644 salt/influxdb/templates/alarm_deadman.json create mode 100644 salt/influxdb/templates/alarm_nsm_disk.json create mode 100644 salt/influxdb/templates/alarm_root_disk.json create mode 100644 salt/influxdb/templates/dashboard-security_onion_performance.json delete mode 100644 salt/influxdb/templates/security_onion_performance.json rename salt/influxdb/templates/{container.json => variable-container.json} (100%) rename salt/influxdb/templates/{host.json => variable-host.json} (100%) rename salt/influxdb/templates/{role.json => variable-role.json} (100%) diff --git a/salt/influxdb/templates/alarm_deadman.json b/salt/influxdb/templates/alarm_deadman.json new file mode 100644 index 000000000..6ea0e1ad7 --- /dev/null +++ b/salt/influxdb/templates/alarm_deadman.json @@ -0,0 +1,18 @@ +{ + "apiVersion": "influxdata.com/v2alpha1", + "kind": "CheckDeadman", + "metadata": { + "name": "alarm-deadman" + }, + "spec": { + "description": "Data has not been received from Telegraf for an extended period.", + "every": "1m0s", + "level": "CRIT", + "name": "Telegraf Data Outage", + "query": "from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")", + "staleTime": "15m0s", + "status": "active", + "statusMessageTemplate": "Check: ${ r._check_name } is: ${ r._level }", + "timeSince": "2m0s" + } +} \ No newline at end of file diff --git a/salt/influxdb/templates/alarm_nsm_disk.json b/salt/influxdb/templates/alarm_nsm_disk.json new file mode 100644 index 000000000..5c8f87cfc --- /dev/null +++ b/salt/influxdb/templates/alarm_nsm_disk.json @@ -0,0 +1,32 @@ +{ + "apiVersion": "influxdata.com/v2alpha1", + "kind": "CheckThreshold", + "metadata": { + "name": "alarm-nsm-disk" + }, + "spec": { + "description": "Percent used space on the root partition of at least one node has exceeded the alarm threshold.", + "every": "1m0s", + "name": "NSM Disk High Usage", + "query": "from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> aggregateWindow(every: 1m, fn: max, createEmpty: false)\n |> yield(name: \"max\")", + "status": "active", + "statusMessageTemplate": "Check: ${ r._check_name } is: ${ r._level }", + "thresholds": [ + { + "level": "CRIT", + "type": "greater", + "value": 95 + }, + { + "level": "INFO", + "type": "greater", + "value": 85 + }, + { + "level": "WARN", + "type": "greater", + "value": 90 + } + ] + } +} \ No newline at end of file diff --git a/salt/influxdb/templates/alarm_root_disk.json b/salt/influxdb/templates/alarm_root_disk.json new file mode 100644 index 000000000..a13cbcd3d --- /dev/null +++ b/salt/influxdb/templates/alarm_root_disk.json @@ -0,0 +1,32 @@ +{ + "apiVersion": "influxdata.com/v2alpha1", + "kind": "CheckThreshold", + "metadata": { + "name": "alarm-root-disk" + }, + "spec": { + "description": "Percent used space on the root partition of at least one node has exceeded the alarm threshold.", + "every": "1m0s", + "name": "Root Disk High Usage", + "query": "from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> aggregateWindow(every: 1m, fn: max, createEmpty: false)\n |> yield(name: \"max\")", + "status": "active", + "statusMessageTemplate": "Check: ${ r._check_name } is: ${ r._level }", + "thresholds": [ + { + "level": "CRIT", + "type": "greater", + "value": 95 + }, + { + "level": "INFO", + "type": "greater", + "value": 85 + }, + { + "level": "WARN", + "type": "greater", + "value": 90 + } + ] + } +} \ No newline at end of file diff --git a/salt/influxdb/templates/dashboard-security_onion_performance.json b/salt/influxdb/templates/dashboard-security_onion_performance.json new file mode 100644 index 000000000..9057d1078 --- /dev/null +++ b/salt/influxdb/templates/dashboard-security_onion_performance.json @@ -0,0 +1 @@ +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Dashboard","metadata":{"name":"dashboard-so"},"spec":{"charts":[{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Uptime","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60)}))\n |> group(columns: [\"host\"])\n |> last()\n |> lowestMin(n:1)"}],"staticLegend":{},"suffix":" days","width":1},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"},{"id":"z83MTSufTrlrCoEPiBXda","name":"ruby","type":"text","hex":"#BF3D5E","value":1}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Critical Alarms","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> filter(fn: (r) => r[\"_level\"] == \"crit\")\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> count()"}],"staticLegend":{},"suffix":" ","width":1,"yPos":2},{"colors":[{"id":"base","name":"rainforest","type":"text","hex":"#4ED8A0"},{"id":"QCTYWuGuHkikYFsZSKMzQ","name":"rainforest","type":"text","hex":"#4ED8A0"},{"id":"QdpMyTRBb0LJ56-P5wfAW","name":"laser","type":"text","hex":"#00C9FF","value":1},{"id":"VQGwCoMrxZyP8asiOW5Cq","name":"tiger","type":"text","hex":"#F48D38","value":2},{"id":"zSO9QkesSIxrU_ntCBx2i","name":"ruby","type":"text","hex":"#BF3D5E","value":3}],"fieldOptions":[{"fieldName":"_time","visible":true},{"displayName":"Alarm","fieldName":"_check_name","visible":true},{"displayName":"Severity","fieldName":"_value","visible":true},{"displayName":"Status","fieldName":"_level","visible":true}],"height":6,"kind":"Table","name":"Alarm Status","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> drop(columns: [\"_value\"])\n |> duplicate(column: \"_level\", as: \"_value\")\n |> map(fn: (r) => ({ r with _value: if r._value == \"ok\" then 0 else if r._value == \"info\" then 1 else if r._value == \"warn\" then 2 else 3 }))\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> keep(columns: [\"_check_name\",\"_level\",\"_value\"])"}],"staticLegend":{},"tableOptions":{"sortBy":"_check_name","verticalTimeAxis":true},"timeFormat":"YYYY-MM-DD HH:mm:ss","width":3,"yPos":4},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Storage Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"store_size_in_bytes\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"store_size_in_bytes\")\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"InfluxDB Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60)}))\n |> yield(name: \"last\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0)}))\n |> yield(name: \"last\")"}],"shade":true,"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":38},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":42},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"5m Load Average","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load5\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":1},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"},{"id":"z83MTSufTrlrCoEPiBXda","name":"tiger","type":"text","hex":"#F48D38","value":1}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Warning Alarms","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> filter(fn: (r) => r[\"_level\"] == \"warn\")\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> count()"}],"staticLegend":{},"suffix":" ","width":1,"xPos":1,"yPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"IO Wait","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"},{"id":"z83MTSufTrlrCoEPiBXda","name":"laser","type":"text","hex":"#00C9FF","value":1}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Informative Alarms","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> filter(fn: (r) => r[\"_level\"] == \"info\")\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> count()"}],"staticLegend":{},"suffix":" ","width":1,"xPos":2,"yPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Estimated EPS In","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> hostFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":3},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"CPU Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":3,"yPos":2},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"kOQLOg2H4FVEE-E1_L8Kq","name":"laser","type":"threshold","hex":"#00C9FF","value":85},{"id":"5IArg2lDb8KvnphywgUXa","name":"tiger","type":"threshold","hex":"#F48D38","value":90},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"ruby","type":"threshold","hex":"#BF3D5E","value":95},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Root Disk Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":3,"yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Suricata Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":3,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Redis Queue","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":4},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Document Count","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"docs_count\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"docs_count\")\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Redis Queue","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60 * 1000000000)}))\n |> yield(name: \"last\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0 * 1000000000.0)}))\n |> yield(name: \"last\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"yT5vTIlaaFChSrQvKLfqf","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"mzzUVSu3ibTph1JmQmDAQ","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"mOcnDo7l8ii6qNLFIB5rs","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /nsm","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key:\"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xPos":4,"yPos":42},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Inbound Traffic","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\") \n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0 / (1000.0 * 1000.0)}))\n |> group(columns: [\"host\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" Mb/s","width":1,"xPos":5},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Inbound Drops","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\") \n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0 / (1000.0 * 1000.0)}))\n |> group(columns: [\"host\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" Mb/s","width":1,"xPos":6},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Memory Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":6,"yPos":2},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"laser","type":"threshold","hex":"#00C9FF","value":85},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"tiger","type":"threshold","hex":"#F48D38","value":90},{"id":"H7uprvKmMEh39en6X-ms_","name":"ruby","type":"threshold","hex":"#BF3D5E","value":95},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"NSM Disk Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":6,"yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Outbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_sent\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Capture Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":7},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Zeek Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":8},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elastic Ingest Time Spent","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_community_id_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"community.id_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_conditional_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"conditional_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_index_name_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date.index.name_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dissect_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dissect_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dot_expander_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dot.expander_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_geoip_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"geoip_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_grok_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"grok_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_json_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"json_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_kv_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"kv_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_lowercase_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"lowercase_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_rename_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"rename_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_script_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"script_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_user_agent_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"user.agent_time\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"1m Load Average","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load1\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load1\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":14,"yTickStep":1},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" e/s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Logstash EPS","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> set(key: \"_field\", value: \"Trend In\")\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> set(key: \"_field\", value: \"Trend Out\")\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"UAehjIsi65P8u92M_3sQY","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"_SCP8Npp4NVMx2N4mfuzX","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"BoMPg4R1KDp_UsRORdV3_","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"IO Wait","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Swap Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Drops - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"drop_in\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer PCAP Retention","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> set(key: \"_field\", value: \"Trend\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":42},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Suricata Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":9},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":50},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":70},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Swap Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":9,"yPos":2},{"colors":[{"id":"base","name":"white","type":"text","hex":"#ffffff"}],"fieldOptions":[{"displayName":"Host","fieldName":"host","visible":true},{"displayName":"Name","fieldName":"container_name","visible":true},{"displayName":"Status","fieldName":"container_status","visible":true},{"displayName":"OOM Killed","fieldName":"_value","visible":true},{"displayName":"_start","fieldName":"_start","visible":true},{"displayName":"_stop","fieldName":"_stop","visible":true},{"displayName":"_time","fieldName":"_time","visible":true},{"displayName":"_field","fieldName":"_field","visible":true},{"displayName":"_measurement","fieldName":"_measurement","visible":true},{"displayName":"engine_host","fieldName":"engine_host","visible":true},{"displayName":"role","fieldName":"role","visible":true},{"displayName":"server_version","fieldName":"server_version","visible":true},{"displayName":"container_image","fieldName":"container_image","visible":true},{"displayName":"container_version","fieldName":"container_version","visible":true},{"displayName":"description","fieldName":"description","visible":true},{"displayName":"maintainer","fieldName":"maintainer","visible":true},{"displayName":"io.k8s.description","fieldName":"io.k8s.description","visible":true},{"displayName":"io.k8s.display-name","fieldName":"io.k8s.display-name","visible":true},{"displayName":"license","fieldName":"license","visible":true},{"displayName":"name","fieldName":"name","visible":true},{"displayName":"org.label-schema.build-date","fieldName":"org.label-schema.build-date","visible":true},{"displayName":"org.label-schema.license","fieldName":"org.label-schema.license","visible":true},{"displayName":"org.label-schema.name","fieldName":"org.label-schema.name","visible":true},{"displayName":"org.label-schema.schema-version","fieldName":"org.label-schema.schema-version","visible":true},{"displayName":"org.label-schema.url","fieldName":"org.label-schema.url","visible":true},{"displayName":"org.label-schema.vcs-ref","fieldName":"org.label-schema.vcs-ref","visible":true},{"displayName":"org.label-schema.vcs-url","fieldName":"org.label-schema.vcs-url","visible":true},{"displayName":"org.label-schema.vendor","fieldName":"org.label-schema.vendor","visible":true},{"displayName":"org.label-schema.version","fieldName":"org.label-schema.version","visible":true},{"displayName":"org.opencontainers.image.created","fieldName":"org.opencontainers.image.created","visible":true},{"displayName":"org.opencontainers.image.licenses","fieldName":"org.opencontainers.image.licenses","visible":true},{"displayName":"org.opencontainers.image.title","fieldName":"org.opencontainers.image.title","visible":true},{"displayName":"org.opencontainers.image.vendor","fieldName":"org.opencontainers.image.vendor","visible":true},{"displayName":"release","fieldName":"release","visible":true},{"displayName":"summary","fieldName":"summary","visible":true},{"displayName":"url","fieldName":"url","visible":true},{"displayName":"vendor","fieldName":"vendor","visible":true},{"displayName":"version","fieldName":"version","visible":true},{"displayName":"org.label-schema.usage","fieldName":"org.label-schema.usage","visible":true},{"displayName":"org.opencontainers.image.documentation","fieldName":"org.opencontainers.image.documentation","visible":true},{"displayName":"org.opencontainers.image.revision","fieldName":"org.opencontainers.image.revision","visible":true},{"displayName":"org.opencontainers.image.source","fieldName":"org.opencontainers.image.source","visible":true},{"displayName":"org.opencontainers.image.url","fieldName":"org.opencontainers.image.url","visible":true},{"displayName":"org.opencontainers.image.version","fieldName":"org.opencontainers.image.version","visible":true},{"displayName":"org.opencontainers.image.description","fieldName":"org.opencontainers.image.description","visible":true}],"height":4,"kind":"Table","name":"Troubled Containers","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"oomkilled\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"container_image\", \"host\"])\n |> last()\n |> group()\n |> keep(columns: [\"_value\", \"container_name\", \"host\"])\n |> filter(fn: (r) => r[\"container_status\"] != \"running\")"}],"staticLegend":{},"tableOptions":{"sortBy":"container_name","verticalTimeAxis":true},"timeFormat":"YYYY-MM-DD HH:mm:ss","width":3,"xPos":9,"yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Capture Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Stenographer Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":10},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"PCAP Retention","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0)}))\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" days","width":1,"xPos":11}],"description":"Visualize the Security Onion grid performance metrics and alarm statuses.","name":"Security Onion Performance"}}] \ No newline at end of file diff --git a/salt/influxdb/templates/security_onion_performance.json b/salt/influxdb/templates/security_onion_performance.json deleted file mode 100644 index d1ad8dad7..000000000 --- a/salt/influxdb/templates/security_onion_performance.json +++ /dev/null @@ -1 +0,0 @@ -[{"apiVersion":"influxdata.com/v2alpha1","kind":"Dashboard","metadata":{"name":"dashboard-so"},"spec":{"charts":[{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Uptime","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60)}))\n |> group(columns: [\"host\"])\n |> last()\n |> lowestMin(n:1)"}],"staticLegend":{},"suffix":" days","width":1},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"CPU Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"yPos":2},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Redis Queue","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60)}))\n |> yield(name: \"last\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0)}))\n |> yield(name: \"last\")"}],"shade":true,"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer PCAP Retention","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> set(key: \"_field\", value: \"Trend\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"5m Load Average","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load5\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":1},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"IOWait","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Estimated EPS In","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> hostFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":3},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Memory Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":3,"yPos":2},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" e/s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Logstash EPS","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> set(key: \"_field\", value: \"Trend In\")\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> set(key: \"_field\", value: \"Trend Out\")\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":3,"yCol":"_value","yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Suricata Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":3,"yCol":"_value","yPos":30},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Redis Queue","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":4},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60 * 1000000000)}))\n |> yield(name: \"last\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0 * 1000000000.0)}))\n |> yield(name: \"last\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"yT5vTIlaaFChSrQvKLfqf","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"mzzUVSu3ibTph1JmQmDAQ","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"mOcnDo7l8ii6qNLFIB5rs","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":22},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Monitor Traffic","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\") \n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0 / (1000.0 * 1000.0)}))\n |> group(columns: [\"host\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" Mb/s","width":1,"xPos":5},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Zeek Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":6},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":50},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":70},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Swap Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":6,"yPos":2},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elastic Ingest Time Spent","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_community_id_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"community.id_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_conditional_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"conditional_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_index_name_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date.index.name_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dissect_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dissect_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dot_expander_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dot.expander_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_geoip_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"geoip_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_grok_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"grok_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_json_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"json_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_kv_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"kv_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_lowercase_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"lowercase_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_rename_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"rename_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_script_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"script_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_user_agent_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"user.agent_time\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Outbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_sent\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /nsm","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key:\"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Storage Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"store_size_in_bytes\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"store_size_in_bytes\")\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Suricata Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":7},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Stenographer Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":8},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"1m Load Average","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load1\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load1\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":10,"yTickStep":1},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"UAehjIsi65P8u92M_3sQY","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"_SCP8Npp4NVMx2N4mfuzX","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"BoMPg4R1KDp_UsRORdV3_","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"IO Wait","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Swap Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Drops - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"drop_in\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":22},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Capture Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":9},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":95},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":85},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"NSM Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":9,"yPos":2},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Document Count","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"docs_count\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"docs_count\")\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Capture Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"InfluxDB Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"viridian","type":"text","hex":"#32B08C"},{"id":"SpQHOj76fJwL4uNUdgA_L","name":"pineapple","type":"text","hex":"#FFB94A","value":85},{"id":"FALp969me_9GTrRtLYaab","name":"ruby","type":"text","hex":"#BF3D5E","value":95}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"RootFS Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","width":1,"xPos":10},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"PCAP Retention","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0)}))\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" days","width":1,"xPos":11}],"name":"Security Onion Performance"}}] diff --git a/salt/influxdb/templates/container.json b/salt/influxdb/templates/variable-container.json similarity index 100% rename from salt/influxdb/templates/container.json rename to salt/influxdb/templates/variable-container.json diff --git a/salt/influxdb/templates/host.json b/salt/influxdb/templates/variable-host.json similarity index 100% rename from salt/influxdb/templates/host.json rename to salt/influxdb/templates/variable-host.json diff --git a/salt/influxdb/templates/role.json b/salt/influxdb/templates/variable-role.json similarity index 100% rename from salt/influxdb/templates/role.json rename to salt/influxdb/templates/variable-role.json From d15158e77a2adbbe68295cf702801cf9e8c40cd4 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 13 Feb 2023 20:52:12 -0500 Subject: [PATCH 51/62] influx upgrade --- salt/influxdb/templates/alarm_deadman.json | 4 ++-- salt/influxdb/templates/alarm_nsm_disk.json | 4 ++-- salt/influxdb/templates/alarm_root_disk.json | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/salt/influxdb/templates/alarm_deadman.json b/salt/influxdb/templates/alarm_deadman.json index 6ea0e1ad7..cd538ad9e 100644 --- a/salt/influxdb/templates/alarm_deadman.json +++ b/salt/influxdb/templates/alarm_deadman.json @@ -1,4 +1,4 @@ -{ +[{ "apiVersion": "influxdata.com/v2alpha1", "kind": "CheckDeadman", "metadata": { @@ -15,4 +15,4 @@ "statusMessageTemplate": "Check: ${ r._check_name } is: ${ r._level }", "timeSince": "2m0s" } -} \ No newline at end of file +}] \ No newline at end of file diff --git a/salt/influxdb/templates/alarm_nsm_disk.json b/salt/influxdb/templates/alarm_nsm_disk.json index 5c8f87cfc..691f8c0e8 100644 --- a/salt/influxdb/templates/alarm_nsm_disk.json +++ b/salt/influxdb/templates/alarm_nsm_disk.json @@ -1,4 +1,4 @@ -{ +[{ "apiVersion": "influxdata.com/v2alpha1", "kind": "CheckThreshold", "metadata": { @@ -29,4 +29,4 @@ } ] } -} \ No newline at end of file +}] \ No newline at end of file diff --git a/salt/influxdb/templates/alarm_root_disk.json b/salt/influxdb/templates/alarm_root_disk.json index a13cbcd3d..19d5f065c 100644 --- a/salt/influxdb/templates/alarm_root_disk.json +++ b/salt/influxdb/templates/alarm_root_disk.json @@ -1,4 +1,4 @@ -{ +[{ "apiVersion": "influxdata.com/v2alpha1", "kind": "CheckThreshold", "metadata": { @@ -29,4 +29,4 @@ } ] } -} \ No newline at end of file +}] \ No newline at end of file From 1fa526cd0e4e42b012d09f3f71694d1e0da116e6 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 14 Feb 2023 11:22:54 -0500 Subject: [PATCH 52/62] influx upgrade --- .../templates/alarm_logstash_eps.json | 21 +++++++++++++++++++ .../dashboard-security_onion_performance.json | 2 +- 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 salt/influxdb/templates/alarm_logstash_eps.json diff --git a/salt/influxdb/templates/alarm_logstash_eps.json b/salt/influxdb/templates/alarm_logstash_eps.json new file mode 100644 index 000000000..2d70eaf11 --- /dev/null +++ b/salt/influxdb/templates/alarm_logstash_eps.json @@ -0,0 +1,21 @@ +[{ + "apiVersion": "influxdata.com/v2alpha1", + "kind": "CheckThreshold", + "metadata": { + "name": "alarm-logstash-eps" + }, + "spec": { + "every": "1m0s", + "name": "Logstash EPS at 0", + "query": "from(bucket: \"telegraf/so_short_term\")\n |\u003e range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |\u003e filter(fn: (r) =\u003e r[\"_measurement\"] == \"logstash_events\")\n |\u003e filter(fn: (r) =\u003e r[\"_field\"] == \"in\")\n |\u003e aggregateWindow(every: 1m, fn: mean, createEmpty: false)\n |\u003e yield(name: \"mean\")", + "status": "active", + "statusMessageTemplate": "Check: ${ r._check_name } is: ${ r._level }", + "thresholds": [ + { + "level": "CRIT", + "type": "lesser", + "value": 1 + } + ] + } +}] \ No newline at end of file diff --git a/salt/influxdb/templates/dashboard-security_onion_performance.json b/salt/influxdb/templates/dashboard-security_onion_performance.json index 9057d1078..c6a30ed95 100644 --- a/salt/influxdb/templates/dashboard-security_onion_performance.json +++ b/salt/influxdb/templates/dashboard-security_onion_performance.json @@ -1 +1 @@ -[{"apiVersion":"influxdata.com/v2alpha1","kind":"Dashboard","metadata":{"name":"dashboard-so"},"spec":{"charts":[{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Uptime","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60)}))\n |> group(columns: [\"host\"])\n |> last()\n |> lowestMin(n:1)"}],"staticLegend":{},"suffix":" days","width":1},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"},{"id":"z83MTSufTrlrCoEPiBXda","name":"ruby","type":"text","hex":"#BF3D5E","value":1}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Critical Alarms","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> filter(fn: (r) => r[\"_level\"] == \"crit\")\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> count()"}],"staticLegend":{},"suffix":" ","width":1,"yPos":2},{"colors":[{"id":"base","name":"rainforest","type":"text","hex":"#4ED8A0"},{"id":"QCTYWuGuHkikYFsZSKMzQ","name":"rainforest","type":"text","hex":"#4ED8A0"},{"id":"QdpMyTRBb0LJ56-P5wfAW","name":"laser","type":"text","hex":"#00C9FF","value":1},{"id":"VQGwCoMrxZyP8asiOW5Cq","name":"tiger","type":"text","hex":"#F48D38","value":2},{"id":"zSO9QkesSIxrU_ntCBx2i","name":"ruby","type":"text","hex":"#BF3D5E","value":3}],"fieldOptions":[{"fieldName":"_time","visible":true},{"displayName":"Alarm","fieldName":"_check_name","visible":true},{"displayName":"Severity","fieldName":"_value","visible":true},{"displayName":"Status","fieldName":"_level","visible":true}],"height":6,"kind":"Table","name":"Alarm Status","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> drop(columns: [\"_value\"])\n |> duplicate(column: \"_level\", as: \"_value\")\n |> map(fn: (r) => ({ r with _value: if r._value == \"ok\" then 0 else if r._value == \"info\" then 1 else if r._value == \"warn\" then 2 else 3 }))\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> keep(columns: [\"_check_name\",\"_level\",\"_value\"])"}],"staticLegend":{},"tableOptions":{"sortBy":"_check_name","verticalTimeAxis":true},"timeFormat":"YYYY-MM-DD HH:mm:ss","width":3,"yPos":4},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Storage Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"store_size_in_bytes\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"store_size_in_bytes\")\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"InfluxDB Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60)}))\n |> yield(name: \"last\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0)}))\n |> yield(name: \"last\")"}],"shade":true,"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":38},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":42},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"5m Load Average","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load5\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":1},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"},{"id":"z83MTSufTrlrCoEPiBXda","name":"tiger","type":"text","hex":"#F48D38","value":1}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Warning Alarms","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> filter(fn: (r) => r[\"_level\"] == \"warn\")\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> count()"}],"staticLegend":{},"suffix":" ","width":1,"xPos":1,"yPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"IO Wait","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"},{"id":"z83MTSufTrlrCoEPiBXda","name":"laser","type":"text","hex":"#00C9FF","value":1}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Informative Alarms","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> filter(fn: (r) => r[\"_level\"] == \"info\")\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> count()"}],"staticLegend":{},"suffix":" ","width":1,"xPos":2,"yPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Estimated EPS In","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> hostFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":3},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"CPU Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":3,"yPos":2},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"kOQLOg2H4FVEE-E1_L8Kq","name":"laser","type":"threshold","hex":"#00C9FF","value":85},{"id":"5IArg2lDb8KvnphywgUXa","name":"tiger","type":"threshold","hex":"#F48D38","value":90},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"ruby","type":"threshold","hex":"#BF3D5E","value":95},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Root Disk Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":3,"yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Suricata Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":3,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Redis Queue","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":4},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Document Count","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"docs_count\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"docs_count\")\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Redis Queue","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60 * 1000000000)}))\n |> yield(name: \"last\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: true)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0 * 1000000000.0)}))\n |> yield(name: \"last\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"yT5vTIlaaFChSrQvKLfqf","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"mzzUVSu3ibTph1JmQmDAQ","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"mOcnDo7l8ii6qNLFIB5rs","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /nsm","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key:\"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xPos":4,"yPos":42},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Inbound Traffic","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\") \n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0 / (1000.0 * 1000.0)}))\n |> group(columns: [\"host\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" Mb/s","width":1,"xPos":5},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Inbound Drops","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\") \n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0 / (1000.0 * 1000.0)}))\n |> group(columns: [\"host\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" Mb/s","width":1,"xPos":6},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Memory Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":6,"yPos":2},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"laser","type":"threshold","hex":"#00C9FF","value":85},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"tiger","type":"threshold","hex":"#F48D38","value":90},{"id":"H7uprvKmMEh39en6X-ms_","name":"ruby","type":"threshold","hex":"#BF3D5E","value":95},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"NSM Disk Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":6,"yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Outbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_sent\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Capture Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":7},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Zeek Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":8},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elastic Ingest Time Spent","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_community_id_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"community.id_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_conditional_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"conditional_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_index_name_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date.index.name_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dissect_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dissect_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dot_expander_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dot.expander_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_geoip_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"geoip_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_grok_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"grok_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_json_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"json_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_kv_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"kv_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_lowercase_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"lowercase_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_rename_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"rename_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_script_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"script_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_user_agent_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"user.agent_time\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"1m Load Average","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load1\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load1\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":14,"yTickStep":1},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" e/s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Logstash EPS","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> set(key: \"_field\", value: \"Trend In\")\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> set(key: \"_field\", value: \"Trend Out\")\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"UAehjIsi65P8u92M_3sQY","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"_SCP8Npp4NVMx2N4mfuzX","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"BoMPg4R1KDp_UsRORdV3_","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"IO Wait","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Swap Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Drops - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"drop_in\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer PCAP Retention","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> set(key: \"_field\", value: \"Trend\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":42},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Suricata Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":9},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":50},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":70},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Swap Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":9,"yPos":2},{"colors":[{"id":"base","name":"white","type":"text","hex":"#ffffff"}],"fieldOptions":[{"displayName":"Host","fieldName":"host","visible":true},{"displayName":"Name","fieldName":"container_name","visible":true},{"displayName":"Status","fieldName":"container_status","visible":true},{"displayName":"OOM Killed","fieldName":"_value","visible":true},{"displayName":"_start","fieldName":"_start","visible":true},{"displayName":"_stop","fieldName":"_stop","visible":true},{"displayName":"_time","fieldName":"_time","visible":true},{"displayName":"_field","fieldName":"_field","visible":true},{"displayName":"_measurement","fieldName":"_measurement","visible":true},{"displayName":"engine_host","fieldName":"engine_host","visible":true},{"displayName":"role","fieldName":"role","visible":true},{"displayName":"server_version","fieldName":"server_version","visible":true},{"displayName":"container_image","fieldName":"container_image","visible":true},{"displayName":"container_version","fieldName":"container_version","visible":true},{"displayName":"description","fieldName":"description","visible":true},{"displayName":"maintainer","fieldName":"maintainer","visible":true},{"displayName":"io.k8s.description","fieldName":"io.k8s.description","visible":true},{"displayName":"io.k8s.display-name","fieldName":"io.k8s.display-name","visible":true},{"displayName":"license","fieldName":"license","visible":true},{"displayName":"name","fieldName":"name","visible":true},{"displayName":"org.label-schema.build-date","fieldName":"org.label-schema.build-date","visible":true},{"displayName":"org.label-schema.license","fieldName":"org.label-schema.license","visible":true},{"displayName":"org.label-schema.name","fieldName":"org.label-schema.name","visible":true},{"displayName":"org.label-schema.schema-version","fieldName":"org.label-schema.schema-version","visible":true},{"displayName":"org.label-schema.url","fieldName":"org.label-schema.url","visible":true},{"displayName":"org.label-schema.vcs-ref","fieldName":"org.label-schema.vcs-ref","visible":true},{"displayName":"org.label-schema.vcs-url","fieldName":"org.label-schema.vcs-url","visible":true},{"displayName":"org.label-schema.vendor","fieldName":"org.label-schema.vendor","visible":true},{"displayName":"org.label-schema.version","fieldName":"org.label-schema.version","visible":true},{"displayName":"org.opencontainers.image.created","fieldName":"org.opencontainers.image.created","visible":true},{"displayName":"org.opencontainers.image.licenses","fieldName":"org.opencontainers.image.licenses","visible":true},{"displayName":"org.opencontainers.image.title","fieldName":"org.opencontainers.image.title","visible":true},{"displayName":"org.opencontainers.image.vendor","fieldName":"org.opencontainers.image.vendor","visible":true},{"displayName":"release","fieldName":"release","visible":true},{"displayName":"summary","fieldName":"summary","visible":true},{"displayName":"url","fieldName":"url","visible":true},{"displayName":"vendor","fieldName":"vendor","visible":true},{"displayName":"version","fieldName":"version","visible":true},{"displayName":"org.label-schema.usage","fieldName":"org.label-schema.usage","visible":true},{"displayName":"org.opencontainers.image.documentation","fieldName":"org.opencontainers.image.documentation","visible":true},{"displayName":"org.opencontainers.image.revision","fieldName":"org.opencontainers.image.revision","visible":true},{"displayName":"org.opencontainers.image.source","fieldName":"org.opencontainers.image.source","visible":true},{"displayName":"org.opencontainers.image.url","fieldName":"org.opencontainers.image.url","visible":true},{"displayName":"org.opencontainers.image.version","fieldName":"org.opencontainers.image.version","visible":true},{"displayName":"org.opencontainers.image.description","fieldName":"org.opencontainers.image.description","visible":true}],"height":4,"kind":"Table","name":"Troubled Containers","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"oomkilled\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"container_image\", \"host\"])\n |> last()\n |> group()\n |> keep(columns: [\"_value\", \"container_name\", \"host\"])\n |> filter(fn: (r) => r[\"container_status\"] != \"running\")"}],"staticLegend":{},"tableOptions":{"sortBy":"container_name","verticalTimeAxis":true},"timeFormat":"YYYY-MM-DD HH:mm:ss","width":3,"xPos":9,"yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Capture Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Stenographer Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":10},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"PCAP Retention","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0)}))\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" days","width":1,"xPos":11}],"description":"Visualize the Security Onion grid performance metrics and alarm statuses.","name":"Security Onion Performance"}}] \ No newline at end of file +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Dashboard","metadata":{"name":"dashboard-so"},"spec":{"charts":[{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Uptime","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60)}))\n |> group(columns: [\"host\"])\n |> last()\n |> lowestMin(n:1)"}],"staticLegend":{},"suffix":" days","width":1},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"},{"id":"z83MTSufTrlrCoEPiBXda","name":"ruby","type":"text","hex":"#BF3D5E","value":1}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Critical Alarms","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> filter(fn: (r) => r[\"_level\"] == \"crit\")\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> count()"}],"staticLegend":{},"suffix":" ","width":1,"yPos":2},{"colors":[{"id":"base","name":"rainforest","type":"text","hex":"#4ED8A0"},{"id":"QCTYWuGuHkikYFsZSKMzQ","name":"rainforest","type":"text","hex":"#4ED8A0"},{"id":"QdpMyTRBb0LJ56-P5wfAW","name":"laser","type":"text","hex":"#00C9FF","value":1},{"id":"VQGwCoMrxZyP8asiOW5Cq","name":"tiger","type":"text","hex":"#F48D38","value":2},{"id":"zSO9QkesSIxrU_ntCBx2i","name":"ruby","type":"text","hex":"#BF3D5E","value":3}],"fieldOptions":[{"fieldName":"_time","visible":true},{"displayName":"Alarm","fieldName":"_check_name","visible":true},{"displayName":"Severity","fieldName":"_value","visible":true},{"displayName":"Status","fieldName":"_level","visible":true}],"height":6,"kind":"Table","name":"Alarm Status","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> drop(columns: [\"_value\"])\n |> duplicate(column: \"_level\", as: \"_value\")\n |> map(fn: (r) => ({ r with _value: if r._value == \"ok\" then 0 else if r._value == \"info\" then 1 else if r._value == \"warn\" then 2 else 3 }))\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> keep(columns: [\"_check_name\",\"_level\",\"_value\"])"}],"staticLegend":{},"tableOptions":{"sortBy":"_check_name","verticalTimeAxis":true},"timeFormat":"YYYY-MM-DD HH:mm:ss","width":3,"yPos":4},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Storage Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"store_size_in_bytes\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"store_size_in_bytes\")\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"InfluxDB Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: float(v: r._value) / float(v: 24 * 60 * 60)}))\n |> yield(name: \"last\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: float(v: r._value) / float(v: 24 * 60 * 60)}))\n |> yield(name: \"Trend\")"}],"shade":true,"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":38},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":42},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"5m Load Average","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load5\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":1},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"},{"id":"z83MTSufTrlrCoEPiBXda","name":"tiger","type":"text","hex":"#F48D38","value":1}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Warning Alarms","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> filter(fn: (r) => r[\"_level\"] == \"warn\")\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> count()"}],"staticLegend":{},"suffix":" ","width":1,"xPos":1,"yPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"IO Wait","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"},{"id":"z83MTSufTrlrCoEPiBXda","name":"laser","type":"text","hex":"#00C9FF","value":1}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Informative Alarms","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> filter(fn: (r) => r[\"_level\"] == \"info\")\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> count()"}],"staticLegend":{},"suffix":" ","width":1,"xPos":2,"yPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Estimated EPS In","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> hostFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":3},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"CPU Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":3,"yPos":2},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"kOQLOg2H4FVEE-E1_L8Kq","name":"laser","type":"threshold","hex":"#00C9FF","value":85},{"id":"5IArg2lDb8KvnphywgUXa","name":"tiger","type":"threshold","hex":"#F48D38","value":90},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"ruby","type":"threshold","hex":"#BF3D5E","value":95},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Root Disk Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":3,"yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Suricata Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":3,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Redis Queue","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":4},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Document Count","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"docs_count\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"docs_count\")\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Redis Queue","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> group(columns: [\"host\", \"role\", \"container_name\"])\n |> map(fn: (r) => ({r with _value: float(v: r._value) / float(v: 24 * 60 * 60 * 1000000000)}))\n |> yield(name: \"last\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> group(columns: [\"host\", \"role\", \"container_name\"])\n |> map(fn: (r) => ({r with _value: float(v: r._value) / float(v: 24.0 * 60.0 * 60.0 * 1000000000.0)}))\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"yT5vTIlaaFChSrQvKLfqf","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"mzzUVSu3ibTph1JmQmDAQ","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"mOcnDo7l8ii6qNLFIB5rs","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b"}],"colorizeRows":true,"colors":[{"id":"0ynR6Zs0wuQ3WY0Lz-_KC","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"YiArehCNBwFm9mn8DSXSG","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"DxByY_EQW9Xs2jD5ktkG5","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /nsm","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key:\"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xPos":4,"yPos":42},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Inbound Traffic","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\") \n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0 / (1000.0 * 1000.0)}))\n |> group(columns: [\"host\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" Mb/s","width":1,"xPos":5},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Inbound Drops","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\") \n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0 / (1000.0 * 1000.0)}))\n |> group(columns: [\"host\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" Mb/s","width":1,"xPos":6},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Memory Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":6,"yPos":2},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"laser","type":"threshold","hex":"#00C9FF","value":85},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"tiger","type":"threshold","hex":"#F48D38","value":90},{"id":"H7uprvKmMEh39en6X-ms_","name":"ruby","type":"threshold","hex":"#BF3D5E","value":95},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"NSM Disk Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":6,"yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Outbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_sent\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Capture Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":7},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Zeek Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":8},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elastic Ingest Time Spent","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_community_id_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"community.id_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_conditional_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"conditional_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_index_name_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date.index.name_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dissect_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dissect_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dot_expander_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dot.expander_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_geoip_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"geoip_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_grok_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"grok_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_json_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"json_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_kv_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"kv_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_lowercase_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"lowercase_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_rename_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"rename_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_script_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"script_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_user_agent_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"user.agent_time\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"1m Load Average","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load1\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load1\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":14,"yTickStep":1},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" e/s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Logstash EPS","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> set(key: \"_field\", value: \"Trend In\")\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> set(key: \"_field\", value: \"Trend Out\")\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"UAehjIsi65P8u92M_3sQY","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"_SCP8Npp4NVMx2N4mfuzX","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"BoMPg4R1KDp_UsRORdV3_","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"IO Wait","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Swap Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Drops - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"drop_in\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer PCAP Retention","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> set(key: \"_field\", value: \"Trend\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":42},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Suricata Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":9},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":50},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":70},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Swap Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":9,"yPos":2},{"colors":[{"id":"base","name":"white","type":"text","hex":"#ffffff"}],"fieldOptions":[{"displayName":"Host","fieldName":"host","visible":true},{"displayName":"Name","fieldName":"container_name","visible":true},{"displayName":"Status","fieldName":"container_status","visible":true},{"displayName":"OOM Killed","fieldName":"_value","visible":true},{"displayName":"_start","fieldName":"_start","visible":true},{"displayName":"_stop","fieldName":"_stop","visible":true},{"displayName":"_time","fieldName":"_time","visible":true},{"displayName":"_field","fieldName":"_field","visible":true},{"displayName":"_measurement","fieldName":"_measurement","visible":true},{"displayName":"engine_host","fieldName":"engine_host","visible":true},{"displayName":"role","fieldName":"role","visible":true},{"displayName":"server_version","fieldName":"server_version","visible":true},{"displayName":"container_image","fieldName":"container_image","visible":true},{"displayName":"container_version","fieldName":"container_version","visible":true},{"displayName":"description","fieldName":"description","visible":true},{"displayName":"maintainer","fieldName":"maintainer","visible":true},{"displayName":"io.k8s.description","fieldName":"io.k8s.description","visible":true},{"displayName":"io.k8s.display-name","fieldName":"io.k8s.display-name","visible":true},{"displayName":"license","fieldName":"license","visible":true},{"displayName":"name","fieldName":"name","visible":true},{"displayName":"org.label-schema.build-date","fieldName":"org.label-schema.build-date","visible":true},{"displayName":"org.label-schema.license","fieldName":"org.label-schema.license","visible":true},{"displayName":"org.label-schema.name","fieldName":"org.label-schema.name","visible":true},{"displayName":"org.label-schema.schema-version","fieldName":"org.label-schema.schema-version","visible":true},{"displayName":"org.label-schema.url","fieldName":"org.label-schema.url","visible":true},{"displayName":"org.label-schema.vcs-ref","fieldName":"org.label-schema.vcs-ref","visible":true},{"displayName":"org.label-schema.vcs-url","fieldName":"org.label-schema.vcs-url","visible":true},{"displayName":"org.label-schema.vendor","fieldName":"org.label-schema.vendor","visible":true},{"displayName":"org.label-schema.version","fieldName":"org.label-schema.version","visible":true},{"displayName":"org.opencontainers.image.created","fieldName":"org.opencontainers.image.created","visible":true},{"displayName":"org.opencontainers.image.licenses","fieldName":"org.opencontainers.image.licenses","visible":true},{"displayName":"org.opencontainers.image.title","fieldName":"org.opencontainers.image.title","visible":true},{"displayName":"org.opencontainers.image.vendor","fieldName":"org.opencontainers.image.vendor","visible":true},{"displayName":"release","fieldName":"release","visible":true},{"displayName":"summary","fieldName":"summary","visible":true},{"displayName":"url","fieldName":"url","visible":true},{"displayName":"vendor","fieldName":"vendor","visible":true},{"displayName":"version","fieldName":"version","visible":true},{"displayName":"org.label-schema.usage","fieldName":"org.label-schema.usage","visible":true},{"displayName":"org.opencontainers.image.documentation","fieldName":"org.opencontainers.image.documentation","visible":true},{"displayName":"org.opencontainers.image.revision","fieldName":"org.opencontainers.image.revision","visible":true},{"displayName":"org.opencontainers.image.source","fieldName":"org.opencontainers.image.source","visible":true},{"displayName":"org.opencontainers.image.url","fieldName":"org.opencontainers.image.url","visible":true},{"displayName":"org.opencontainers.image.version","fieldName":"org.opencontainers.image.version","visible":true},{"displayName":"org.opencontainers.image.description","fieldName":"org.opencontainers.image.description","visible":true}],"height":4,"kind":"Table","name":"Most Recent Container Events","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"oomkilled\")\n |> filter(fn: (r) => r[\"container_status\"] != \"running\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"container_image\", \"host\"])\n |> last()\n |> group()\n |> keep(columns: [\"_value\", \"container_name\", \"host\", \"container_status\"])"}],"staticLegend":{},"tableOptions":{"sortBy":"container_name","verticalTimeAxis":true},"timeFormat":"YYYY-MM-DD HH:mm:ss","width":3,"xPos":9,"yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Capture Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Stenographer Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":10},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"PCAP Retention","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0)}))\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" days","width":1,"xPos":11}],"description":"Visualize the Security Onion grid performance metrics and alarm statuses.","name":"Security Onion Performance"}}] \ No newline at end of file From 8746f558348237d06b8a72629004d6f189de498b Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 15 Feb 2023 08:03:22 -0500 Subject: [PATCH 53/62] influx upgrade --- salt/common/tools/sbin/so-influxdb-manage | 20 ++++++++++++++++++++ salt/soc/defaults.map.jinja | 6 ++++++ 2 files changed, 26 insertions(+) diff --git a/salt/common/tools/sbin/so-influxdb-manage b/salt/common/tools/sbin/so-influxdb-manage index 96b0c01f9..907e0342c 100644 --- a/salt/common/tools/sbin/so-influxdb-manage +++ b/salt/common/tools/sbin/so-influxdb-manage @@ -11,6 +11,8 @@ usage() { echo "Usage: $0 [args]" echo "" echo "Supported Operations:" + echo " dashboardpath Returns the URL path for a dashboard, requires: " + echo " export Exports all templates to stdout" echo " setup Loads all templates and creates all required buckets" echo " userlist Lists users" echo " useradd Adds a new user, requires: " @@ -260,6 +262,24 @@ case "$OP" in check_response "$response" ;; + export) + log "Exporting all organization templates" + request templates/export -X POST -d "{\"orgIDs\":[{\"orgID\":\"$oid\"}]}" -H "Content-Type: application/json" + ;; + + dashboardpath) + [ $# -ne 1 ] && usage + name=$1 + response=$(request dashboards?limit=100&orgID=$oid) + check_response "$response" + dbid=$(echo "$response" | jq -r ".dashboards[] | select(.name == \"$name\").id") + if [[ -z "$dbid" ]]; then + log "Dashboard not found" + exit 1 + fi + echo -n "/influxdb/orgs/$oid/dashboards/$dbid" + ;; + *) usage ;; diff --git a/salt/soc/defaults.map.jinja b/salt/soc/defaults.map.jinja index 912b16f46..17253b7fb 100644 --- a/salt/soc/defaults.map.jinja +++ b/salt/soc/defaults.map.jinja @@ -2,6 +2,7 @@ {% from 'vars/globals.map.jinja' import GLOBALS %} {% from 'docker/docker.map.jinja' import DOCKER -%} {%- set INFLUXDB_TOKEN = salt['pillar.get']('secrets:influx_token') %} +{%- set METRICS_LINK = salt['cmd.run']('so-influxdb-manage dashboardpath "Security Onion Performance"') %} {% for module, application_url in GLOBALS.application_urls.items() %} {% do SOCDEFAULTS.soc.server.modules[module].update({'hostUrl': application_url}) %} @@ -18,6 +19,11 @@ {% do SOCDEFAULTS.soc.server.modules.influxdb.update({'hostUrl': 'https://' ~ GLOBALS.influxdb_host ~ ':8086'}) %} {% do SOCDEFAULTS.soc.server.modules.influxdb.update({'token': INFLUXDB_TOKEN}) %} +{% for tool in SOCDEFAULTS.soc.server.client.tools %} +{% if tool.name == "toolInfluxDb" %} +{% do tool.update({'link': METRICS_LINK}) %} +{% endif %} +{% endfor %} {% do SOCDEFAULTS.soc.server.modules.statickeyauth.update({'anonymousCidr': DOCKER.sorange, 'apiKey': pillar.sensoroni.sensoronikey}) %} From c43ccb7ed2fdef02e56c963f5240d4926ed41f12 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 15 Feb 2023 09:47:18 -0500 Subject: [PATCH 54/62] influx upgrade --- .../templates/dashboard-security_onion_performance.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/influxdb/templates/dashboard-security_onion_performance.json b/salt/influxdb/templates/dashboard-security_onion_performance.json index c6a30ed95..3cad5b362 100644 --- a/salt/influxdb/templates/dashboard-security_onion_performance.json +++ b/salt/influxdb/templates/dashboard-security_onion_performance.json @@ -1 +1 @@ -[{"apiVersion":"influxdata.com/v2alpha1","kind":"Dashboard","metadata":{"name":"dashboard-so"},"spec":{"charts":[{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Uptime","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60)}))\n |> group(columns: [\"host\"])\n |> last()\n |> lowestMin(n:1)"}],"staticLegend":{},"suffix":" days","width":1},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"},{"id":"z83MTSufTrlrCoEPiBXda","name":"ruby","type":"text","hex":"#BF3D5E","value":1}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Critical Alarms","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> filter(fn: (r) => r[\"_level\"] == \"crit\")\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> count()"}],"staticLegend":{},"suffix":" ","width":1,"yPos":2},{"colors":[{"id":"base","name":"rainforest","type":"text","hex":"#4ED8A0"},{"id":"QCTYWuGuHkikYFsZSKMzQ","name":"rainforest","type":"text","hex":"#4ED8A0"},{"id":"QdpMyTRBb0LJ56-P5wfAW","name":"laser","type":"text","hex":"#00C9FF","value":1},{"id":"VQGwCoMrxZyP8asiOW5Cq","name":"tiger","type":"text","hex":"#F48D38","value":2},{"id":"zSO9QkesSIxrU_ntCBx2i","name":"ruby","type":"text","hex":"#BF3D5E","value":3}],"fieldOptions":[{"fieldName":"_time","visible":true},{"displayName":"Alarm","fieldName":"_check_name","visible":true},{"displayName":"Severity","fieldName":"_value","visible":true},{"displayName":"Status","fieldName":"_level","visible":true}],"height":6,"kind":"Table","name":"Alarm Status","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> drop(columns: [\"_value\"])\n |> duplicate(column: \"_level\", as: \"_value\")\n |> map(fn: (r) => ({ r with _value: if r._value == \"ok\" then 0 else if r._value == \"info\" then 1 else if r._value == \"warn\" then 2 else 3 }))\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> keep(columns: [\"_check_name\",\"_level\",\"_value\"])"}],"staticLegend":{},"tableOptions":{"sortBy":"_check_name","verticalTimeAxis":true},"timeFormat":"YYYY-MM-DD HH:mm:ss","width":3,"yPos":4},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Storage Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"store_size_in_bytes\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"store_size_in_bytes\")\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"InfluxDB Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: float(v: r._value) / float(v: 24 * 60 * 60)}))\n |> yield(name: \"last\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: float(v: r._value) / float(v: 24 * 60 * 60)}))\n |> yield(name: \"Trend\")"}],"shade":true,"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":38},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":42},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"5m Load Average","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load5\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":1},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"},{"id":"z83MTSufTrlrCoEPiBXda","name":"tiger","type":"text","hex":"#F48D38","value":1}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Warning Alarms","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> filter(fn: (r) => r[\"_level\"] == \"warn\")\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> count()"}],"staticLegend":{},"suffix":" ","width":1,"xPos":1,"yPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"IO Wait","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"},{"id":"z83MTSufTrlrCoEPiBXda","name":"laser","type":"text","hex":"#00C9FF","value":1}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Informative Alarms","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> filter(fn: (r) => r[\"_level\"] == \"info\")\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> count()"}],"staticLegend":{},"suffix":" ","width":1,"xPos":2,"yPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Estimated EPS In","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> hostFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":3},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"CPU Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":3,"yPos":2},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"kOQLOg2H4FVEE-E1_L8Kq","name":"laser","type":"threshold","hex":"#00C9FF","value":85},{"id":"5IArg2lDb8KvnphywgUXa","name":"tiger","type":"threshold","hex":"#F48D38","value":90},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"ruby","type":"threshold","hex":"#BF3D5E","value":95},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Root Disk Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":3,"yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Suricata Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":3,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Redis Queue","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":4},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Document Count","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"docs_count\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"docs_count\")\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Redis Queue","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> group(columns: [\"host\", \"role\", \"container_name\"])\n |> map(fn: (r) => ({r with _value: float(v: r._value) / float(v: 24 * 60 * 60 * 1000000000)}))\n |> yield(name: \"last\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> group(columns: [\"host\", \"role\", \"container_name\"])\n |> map(fn: (r) => ({r with _value: float(v: r._value) / float(v: 24.0 * 60.0 * 60.0 * 1000000000.0)}))\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"yT5vTIlaaFChSrQvKLfqf","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"mzzUVSu3ibTph1JmQmDAQ","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"mOcnDo7l8ii6qNLFIB5rs","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b"}],"colorizeRows":true,"colors":[{"id":"0ynR6Zs0wuQ3WY0Lz-_KC","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"YiArehCNBwFm9mn8DSXSG","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"DxByY_EQW9Xs2jD5ktkG5","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /nsm","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key:\"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xPos":4,"yPos":42},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Inbound Traffic","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\") \n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0 / (1000.0 * 1000.0)}))\n |> group(columns: [\"host\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" Mb/s","width":1,"xPos":5},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Inbound Drops","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\") \n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0 / (1000.0 * 1000.0)}))\n |> group(columns: [\"host\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" Mb/s","width":1,"xPos":6},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Memory Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":6,"yPos":2},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"laser","type":"threshold","hex":"#00C9FF","value":85},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"tiger","type":"threshold","hex":"#F48D38","value":90},{"id":"H7uprvKmMEh39en6X-ms_","name":"ruby","type":"threshold","hex":"#BF3D5E","value":95},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"NSM Disk Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":6,"yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Outbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_sent\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Capture Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":7},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Zeek Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":8},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elastic Ingest Time Spent","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_community_id_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"community.id_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_conditional_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"conditional_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_index_name_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date.index.name_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dissect_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dissect_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dot_expander_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dot.expander_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_geoip_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"geoip_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_grok_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"grok_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_json_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"json_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_kv_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"kv_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_lowercase_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"lowercase_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_rename_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"rename_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_script_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"script_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_user_agent_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"user.agent_time\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"1m Load Average","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load1\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load1\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":14,"yTickStep":1},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" e/s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Logstash EPS","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> set(key: \"_field\", value: \"Trend In\")\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> set(key: \"_field\", value: \"Trend Out\")\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"UAehjIsi65P8u92M_3sQY","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"_SCP8Npp4NVMx2N4mfuzX","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"BoMPg4R1KDp_UsRORdV3_","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"IO Wait","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Swap Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Drops - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"drop_in\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer PCAP Retention","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> set(key: \"_field\", value: \"Trend\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":42},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Suricata Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":9},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":50},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":70},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Swap Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":9,"yPos":2},{"colors":[{"id":"base","name":"white","type":"text","hex":"#ffffff"}],"fieldOptions":[{"displayName":"Host","fieldName":"host","visible":true},{"displayName":"Name","fieldName":"container_name","visible":true},{"displayName":"Status","fieldName":"container_status","visible":true},{"displayName":"OOM Killed","fieldName":"_value","visible":true},{"displayName":"_start","fieldName":"_start","visible":true},{"displayName":"_stop","fieldName":"_stop","visible":true},{"displayName":"_time","fieldName":"_time","visible":true},{"displayName":"_field","fieldName":"_field","visible":true},{"displayName":"_measurement","fieldName":"_measurement","visible":true},{"displayName":"engine_host","fieldName":"engine_host","visible":true},{"displayName":"role","fieldName":"role","visible":true},{"displayName":"server_version","fieldName":"server_version","visible":true},{"displayName":"container_image","fieldName":"container_image","visible":true},{"displayName":"container_version","fieldName":"container_version","visible":true},{"displayName":"description","fieldName":"description","visible":true},{"displayName":"maintainer","fieldName":"maintainer","visible":true},{"displayName":"io.k8s.description","fieldName":"io.k8s.description","visible":true},{"displayName":"io.k8s.display-name","fieldName":"io.k8s.display-name","visible":true},{"displayName":"license","fieldName":"license","visible":true},{"displayName":"name","fieldName":"name","visible":true},{"displayName":"org.label-schema.build-date","fieldName":"org.label-schema.build-date","visible":true},{"displayName":"org.label-schema.license","fieldName":"org.label-schema.license","visible":true},{"displayName":"org.label-schema.name","fieldName":"org.label-schema.name","visible":true},{"displayName":"org.label-schema.schema-version","fieldName":"org.label-schema.schema-version","visible":true},{"displayName":"org.label-schema.url","fieldName":"org.label-schema.url","visible":true},{"displayName":"org.label-schema.vcs-ref","fieldName":"org.label-schema.vcs-ref","visible":true},{"displayName":"org.label-schema.vcs-url","fieldName":"org.label-schema.vcs-url","visible":true},{"displayName":"org.label-schema.vendor","fieldName":"org.label-schema.vendor","visible":true},{"displayName":"org.label-schema.version","fieldName":"org.label-schema.version","visible":true},{"displayName":"org.opencontainers.image.created","fieldName":"org.opencontainers.image.created","visible":true},{"displayName":"org.opencontainers.image.licenses","fieldName":"org.opencontainers.image.licenses","visible":true},{"displayName":"org.opencontainers.image.title","fieldName":"org.opencontainers.image.title","visible":true},{"displayName":"org.opencontainers.image.vendor","fieldName":"org.opencontainers.image.vendor","visible":true},{"displayName":"release","fieldName":"release","visible":true},{"displayName":"summary","fieldName":"summary","visible":true},{"displayName":"url","fieldName":"url","visible":true},{"displayName":"vendor","fieldName":"vendor","visible":true},{"displayName":"version","fieldName":"version","visible":true},{"displayName":"org.label-schema.usage","fieldName":"org.label-schema.usage","visible":true},{"displayName":"org.opencontainers.image.documentation","fieldName":"org.opencontainers.image.documentation","visible":true},{"displayName":"org.opencontainers.image.revision","fieldName":"org.opencontainers.image.revision","visible":true},{"displayName":"org.opencontainers.image.source","fieldName":"org.opencontainers.image.source","visible":true},{"displayName":"org.opencontainers.image.url","fieldName":"org.opencontainers.image.url","visible":true},{"displayName":"org.opencontainers.image.version","fieldName":"org.opencontainers.image.version","visible":true},{"displayName":"org.opencontainers.image.description","fieldName":"org.opencontainers.image.description","visible":true}],"height":4,"kind":"Table","name":"Most Recent Container Events","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"oomkilled\")\n |> filter(fn: (r) => r[\"container_status\"] != \"running\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"container_image\", \"host\"])\n |> last()\n |> group()\n |> keep(columns: [\"_value\", \"container_name\", \"host\", \"container_status\"])"}],"staticLegend":{},"tableOptions":{"sortBy":"container_name","verticalTimeAxis":true},"timeFormat":"YYYY-MM-DD HH:mm:ss","width":3,"xPos":9,"yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Capture Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> roleFilter()\n |> set(key: \"_field\", value: \"Trend\")\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Stenographer Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":10},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"PCAP Retention","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0)}))\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" days","width":1,"xPos":11}],"description":"Visualize the Security Onion grid performance metrics and alarm statuses.","name":"Security Onion Performance"}}] \ No newline at end of file +[{"apiVersion":"influxdata.com/v2alpha1","kind":"Dashboard","metadata":{"name":"dashboard-so"},"spec":{"charts":[{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Uptime","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24 * 60 * 60)}))\n |> group(columns: [\"host\"])\n |> last()\n |> lowestMin(n:1)"}],"staticLegend":{},"suffix":" days","width":1},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"},{"id":"z83MTSufTrlrCoEPiBXda","name":"ruby","type":"text","hex":"#BF3D5E","value":1}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Critical Alarms","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> filter(fn: (r) => r[\"_level\"] == \"crit\")\n |> count()"}],"staticLegend":{},"suffix":" ","width":1,"yPos":2},{"colors":[{"id":"base","name":"rainforest","type":"text","hex":"#4ED8A0"},{"id":"QCTYWuGuHkikYFsZSKMzQ","name":"rainforest","type":"text","hex":"#4ED8A0"},{"id":"QdpMyTRBb0LJ56-P5wfAW","name":"laser","type":"text","hex":"#00C9FF","value":1},{"id":"VQGwCoMrxZyP8asiOW5Cq","name":"tiger","type":"text","hex":"#F48D38","value":2},{"id":"zSO9QkesSIxrU_ntCBx2i","name":"ruby","type":"text","hex":"#BF3D5E","value":3}],"fieldOptions":[{"fieldName":"_time","visible":true},{"displayName":"Alarm","fieldName":"_check_name","visible":true},{"displayName":"Severity","fieldName":"_value","visible":true},{"displayName":"Status","fieldName":"_level","visible":true}],"height":6,"kind":"Table","name":"Alarm Status","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> drop(columns: [\"_value\"])\n |> duplicate(column: \"_level\", as: \"_value\")\n |> map(fn: (r) => ({ r with _value: if r._value == \"ok\" then 0 else if r._value == \"info\" then 1 else if r._value == \"warn\" then 2 else 3 }))\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> keep(columns: [\"_check_name\",\"_level\",\"_value\"])"}],"staticLegend":{},"tableOptions":{"sortBy":"_check_name","verticalTimeAxis":true},"timeFormat":"YYYY-MM-DD HH:mm:ss","width":3,"yPos":4},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Storage Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"store_size_in_bytes\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])\n |> yield(name: \"mean\")"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"store_size_in_bytes\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"B"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"InfluxDB Size","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])\n |> yield(name: \"mean\")"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"influxsize\")\n |> filter(fn: (r) => r[\"_field\"] == \"kbytes\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 1000.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: float(v: r._value) / float(v: 24 * 60 * 60)}))\n |> yield(name: \"last\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: float(v: r._value) / float(v: 24 * 60 * 60)}))\n |> yield(name: \"Trend\")"}],"shade":true,"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"System Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_recv\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":38},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","yCol":"_value","yPos":42},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"5m Load Average","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load5\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":1},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"},{"id":"z83MTSufTrlrCoEPiBXda","name":"tiger","type":"text","hex":"#F48D38","value":1}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Warning Alarms","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> filter(fn: (r) => r[\"_level\"] == \"warn\")\n |> count()"}],"staticLegend":{},"suffix":" ","width":1,"xPos":1,"yPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"IO Wait","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"},{"id":"z83MTSufTrlrCoEPiBXda","name":"laser","type":"text","hex":"#00C9FF","value":1}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Informative Alarms","queries":[{"query":"from(bucket: \"_monitoring\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"statuses\")\n |> filter(fn: (r) => r[\"_field\"] == \"_message\")\n |> group(columns: [\"_check_id\"])\n |> sort(columns: [\"_time\"])\n |> last()\n |> group()\n |> filter(fn: (r) => r[\"_level\"] == \"info\")\n |> count()"}],"staticLegend":{},"suffix":" ","width":1,"xPos":2,"yPos":2},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Estimated EPS In","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> hostFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":3},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"CPU Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_idle\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> map(fn: (r) => ({r with _value: r._value * -1.0 + 100.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":3,"yPos":2},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"kOQLOg2H4FVEE-E1_L8Kq","name":"laser","type":"threshold","hex":"#00C9FF","value":85},{"id":"5IArg2lDb8KvnphywgUXa","name":"tiger","type":"threshold","hex":"#F48D38","value":90},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"ruby","type":"threshold","hex":"#BF3D5E","value":95},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Root Disk Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":3,"yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Suricata Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":3,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":0,"height":2,"kind":"Single_Stat","name":"Redis Queue","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"width":1,"xPos":4},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elasticsearch Document Count","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"docs_count\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])\n |> yield(name: \"mean\")"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_indices\")\n |> filter(fn: (r) => r[\"_field\"] == \"docs_count\")\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Redis Queue","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"redisqueue\")\n |> filter(fn: (r) => r[\"_field\"] == \"unparsed\")\n |> group(columns: [\"host\", \"_field\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":14},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Uptime","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> group(columns: [\"host\", \"role\", \"container_name\"])\n |> sort(columns: [\"_time\"])\n |> map(fn: (r) => ({r with _value: float(v: r._value) / float(v: 24 * 60 * 60 * 1000000000)}))\n |> yield(name: \"last\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"uptime_ns\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> group(columns: [\"host\", \"role\", \"container_name\"])\n |> sort(columns: [\"_time\"])\n |> map(fn: (r) => ({r with _value: float(v: r._value) / float(v: 24.0 * 60.0 * 60.0 * 1000000000.0)}))\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"yT5vTIlaaFChSrQvKLfqf","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"mzzUVSu3ibTph1JmQmDAQ","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"mOcnDo7l8ii6qNLFIB5rs","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container CPU Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> sort(columns: [\"_time\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_cpu\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> sort(columns: [\"_time\"])\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Memory Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> sort(columns: [\"_time\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_percent\")\n |> filter(fn: (r) => r[\"container_status\"] == \"running\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> sort(columns: [\"_time\"])\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b"}],"colorizeRows":true,"colors":[{"id":"0ynR6Zs0wuQ3WY0Lz-_KC","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"YiArehCNBwFm9mn8DSXSG","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"DxByY_EQW9Xs2jD5ktkG5","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Container Traffic - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> sort(columns: [\"_time\"])\n |> yield(name: \"mean\")"},{"query":"containerFilter = (tables=<-) =>\n if v.Container != \"(All)\" then\n tables |> filter(fn: (r) => r[\"container_name\"] == v.Container)\n else\n tables\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_net\")\n |> filter(fn: (r) => r[\"_field\"] == \"rx_bytes\")\n |> hostFilter()\n |> roleFilter()\n |> containerFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with _value: r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\", \"container_name\"])\n |> sort(columns: [\"_time\"])\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":4,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Disk Usage /nsm","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xPos":4,"yPos":42},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Inbound Traffic","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_recv\") \n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0 / (1000.0 * 1000.0)}))\n |> group(columns: [\"host\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" Mb/s","width":1,"xPos":5},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Inbound Drops","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\") \n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: r._value * 8.0 / (1000.0 * 1000.0)}))\n |> group(columns: [\"host\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" Mb/s","width":1,"xPos":6},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":70},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":80},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Memory Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"mem\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":6,"yPos":2},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"laser","type":"threshold","hex":"#00C9FF","value":85},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"tiger","type":"threshold","hex":"#F48D38","value":90},{"id":"H7uprvKmMEh39en6X-ms_","name":"ruby","type":"threshold","hex":"#BF3D5E","value":95},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"NSM Disk Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"disk\")\n |> filter(fn: (r) => r[\"path\"] == \"/nsm\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":6,"yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Management Interface Traffic - Outbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"bytes_sent\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"manint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"bytes_sent\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n \n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":6,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":34},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Packet Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> hostFilter()\n |> roleFilter()\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":6,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Capture Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":7},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Zeek Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekdrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":8},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Elastic Ingest Time Spent","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_community_id_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"community.id_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_conditional_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"conditional_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_index_name_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date.index.name_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_date_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"date_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dissect_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dissect_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_dot_expander_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"dot.expander_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_geoip_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"geoip_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_grok_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"grok_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_json_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"json_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_kv_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"kv_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_lowercase_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"lowercase_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_rename_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"rename_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_script_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"script_time\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"elasticsearch_clusterstats_nodes\")\n |> filter(fn: (r) => r.role == \"standalone\" or r.role == \"eval\" or r.role == \"import\" or r.role == \"managersearch\" or r.role == \"search\" or r.role == \"node\" or r.role == \"heavynode\")\n |> filter(fn: (r) => r[\"_field\"] == \"ingest_processor_stats_user_agent_time_in_millis\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"user.agent_time\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":10},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear"}],"colorizeRows":true,"colors":[{"id":"sW2GqpGAsGB5Adx16jKjp","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"TsdXuXwdI5Npi9S8L4f-i","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"OGL29-SUbJ6FyQb0JzbaD","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"1m Load Average","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load1\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"system\")\n |> filter(fn: (r) => r[\"_field\"] == \"load1\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\",\"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: true)\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":14,"yTickStep":1},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":" e/s"}],"colorizeRows":true,"colors":[{"id":"xflqbsX-j3iq4ry5QOntK","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#8F8AF4"},{"id":"5H28HcITm6QVfQsXon0vq","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#A51414"},{"id":"25MrINwurNBkQqeKCkMPg","name":"Do Androids Dream of Electric Sheep?","type":"scale","hex":"#F4CF31"}],"geom":"line","height":4,"heightRatio":0.301556420233463,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Logstash EPS","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"in\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"Trend\")"},{"query":"from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"logstash_events\")\n |> filter(fn: (r) => r[\"_field\"] == \"out\")\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\") \n |> map(fn: (r) => ({r with _value: -r._value}))\n |> group(columns: [\"_field\", \"host\", \"pipeline\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.301556420233463,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":18},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"UAehjIsi65P8u92M_3sQY","name":"Nineteen Eighty Four","type":"scale","hex":"#31C0F6"},{"id":"_SCP8Npp4NVMx2N4mfuzX","name":"Nineteen Eighty Four","type":"scale","hex":"#A500A5"},{"id":"BoMPg4R1KDp_UsRORdV3_","name":"Nineteen Eighty Four","type":"scale","hex":"#FF7E27"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"IO Wait","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"cpu\")\n |> filter(fn: (r) => r[\"cpu\"] == \"cpu-total\")\n |> filter(fn: (r) => r[\"_field\"] == \"usage_iowait\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":22},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"QDwChKZWuQV0BaJcEeSam","name":"Atlantis","type":"scale","hex":"#74D495"},{"id":"ThD0WTqKHltQEVlq9mo6K","name":"Atlantis","type":"scale","hex":"#3F3FBA"},{"id":"FBHYZiwDLKyQK3eRfUD-0","name":"Atlantis","type":"scale","hex":"#FF4D9E"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Swap Usage","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> roleFilter()\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":26},{"axes":[{"base":"10","name":"x","scale":"linear"},{"base":"10","name":"y","scale":"linear","suffix":"b/s"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"heightRatio":0.18482490272373542,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Monitor Interface Drops - Inbound","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"drop_in\"}))"},{"query":"import \"join\"\n\nhostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nmanints = from(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"node_config\")\n |> hostFilter()\n |> filter(fn: (r) => r[\"_field\"] == \"monint\")\n |> distinct()\n |> group(columns: [\"host\"])\n\ntraffic = from(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"net\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop_in\")\n |> hostFilter()\n |> roleFilter()\n |> derivative(unit: 1s, nonNegative: true, columns: [\"_value\"], timeColumn: \"_time\")\n |> map(fn: (r) => ({r with \"_value\": r._value * 8.0}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"host\"])\n\njoin.inner(left: traffic, right: manints,\n on: (l,r) => l.interface == r._value,\n as: (l, r) => ({l with _value: l._value, result: \"Trend\"}))"}],"staticLegend":{"colorizeRows":true,"heightRatio":0.18482490272373542,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":30},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":" days"}],"colorizeRows":true,"colors":[{"id":"3PVw3hQuZUzyar7Js3mMH","name":"Ectoplasm","type":"scale","hex":"#DA6FF1"},{"id":"O34ux-D8Xq_1-eeWRyYYH","name":"Ectoplasm","type":"scale","hex":"#00717A"},{"id":"P04RoKOHBdLdvfrfFbn0F","name":"Ectoplasm","type":"scale","hex":"#ACFF76"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Stenographer PCAP Retention","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])"},{"query":"import \"join\"\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> map(fn: (r) => ({ r with _value: r._value / (24.0 * 3600.0)}))\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> group(columns: [\"_field\",\"host\"])\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":4,"widthRatio":1,"xCol":"_time","xPos":8,"yCol":"_value","yPos":42},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Suricata Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"suridrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":9},{"colors":[{"id":"0","name":"viridian","type":"min","hex":"#32B08C"},{"id":"5IArg2lDb8KvnphywgUXa","name":"pineapple","type":"threshold","hex":"#FFB94A","value":50},{"id":"yFhH3mtavjuAZh6cEt5lx","name":"fire","type":"threshold","hex":"#DC4E58","value":70},{"id":"1","name":"ruby","type":"max","hex":"#BF3D5E","value":100}],"decimalPlaces":0,"height":4,"kind":"Gauge","name":"Swap Usage","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"swap\")\n |> filter(fn: (r) => r[\"_field\"] == \"used_percent\")\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n: 1)\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"}],"staticLegend":{},"suffix":"%","tickSuffix":"%","width":3,"xPos":9,"yPos":2},{"colors":[{"id":"base","name":"white","type":"text","hex":"#ffffff"}],"fieldOptions":[{"displayName":"Host","fieldName":"host","visible":true},{"displayName":"Name","fieldName":"container_name","visible":true},{"displayName":"Status","fieldName":"container_status","visible":true},{"displayName":"OOM Killed","fieldName":"_value","visible":true},{"displayName":"_start","fieldName":"_start","visible":true},{"displayName":"_stop","fieldName":"_stop","visible":true},{"displayName":"_time","fieldName":"_time","visible":true},{"displayName":"_field","fieldName":"_field","visible":true},{"displayName":"_measurement","fieldName":"_measurement","visible":true},{"displayName":"engine_host","fieldName":"engine_host","visible":true},{"displayName":"role","fieldName":"role","visible":true},{"displayName":"server_version","fieldName":"server_version","visible":true},{"displayName":"container_image","fieldName":"container_image","visible":true},{"displayName":"container_version","fieldName":"container_version","visible":true},{"displayName":"description","fieldName":"description","visible":true},{"displayName":"maintainer","fieldName":"maintainer","visible":true},{"displayName":"io.k8s.description","fieldName":"io.k8s.description","visible":true},{"displayName":"io.k8s.display-name","fieldName":"io.k8s.display-name","visible":true},{"displayName":"license","fieldName":"license","visible":true},{"displayName":"name","fieldName":"name","visible":true},{"displayName":"org.label-schema.build-date","fieldName":"org.label-schema.build-date","visible":true},{"displayName":"org.label-schema.license","fieldName":"org.label-schema.license","visible":true},{"displayName":"org.label-schema.name","fieldName":"org.label-schema.name","visible":true},{"displayName":"org.label-schema.schema-version","fieldName":"org.label-schema.schema-version","visible":true},{"displayName":"org.label-schema.url","fieldName":"org.label-schema.url","visible":true},{"displayName":"org.label-schema.vcs-ref","fieldName":"org.label-schema.vcs-ref","visible":true},{"displayName":"org.label-schema.vcs-url","fieldName":"org.label-schema.vcs-url","visible":true},{"displayName":"org.label-schema.vendor","fieldName":"org.label-schema.vendor","visible":true},{"displayName":"org.label-schema.version","fieldName":"org.label-schema.version","visible":true},{"displayName":"org.opencontainers.image.created","fieldName":"org.opencontainers.image.created","visible":true},{"displayName":"org.opencontainers.image.licenses","fieldName":"org.opencontainers.image.licenses","visible":true},{"displayName":"org.opencontainers.image.title","fieldName":"org.opencontainers.image.title","visible":true},{"displayName":"org.opencontainers.image.vendor","fieldName":"org.opencontainers.image.vendor","visible":true},{"displayName":"release","fieldName":"release","visible":true},{"displayName":"summary","fieldName":"summary","visible":true},{"displayName":"url","fieldName":"url","visible":true},{"displayName":"vendor","fieldName":"vendor","visible":true},{"displayName":"version","fieldName":"version","visible":true},{"displayName":"org.label-schema.usage","fieldName":"org.label-schema.usage","visible":true},{"displayName":"org.opencontainers.image.documentation","fieldName":"org.opencontainers.image.documentation","visible":true},{"displayName":"org.opencontainers.image.revision","fieldName":"org.opencontainers.image.revision","visible":true},{"displayName":"org.opencontainers.image.source","fieldName":"org.opencontainers.image.source","visible":true},{"displayName":"org.opencontainers.image.url","fieldName":"org.opencontainers.image.url","visible":true},{"displayName":"org.opencontainers.image.version","fieldName":"org.opencontainers.image.version","visible":true},{"displayName":"org.opencontainers.image.description","fieldName":"org.opencontainers.image.description","visible":true}],"height":4,"kind":"Table","name":"Most Recent Container Events","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"docker_container_status\")\n |> filter(fn: (r) => r[\"_field\"] == \"oomkilled\")\n |> filter(fn: (r) => r[\"container_status\"] != \"running\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"container_name\", \"host\"])\n |> last()\n |> group()\n |> keep(columns: [\"_value\", \"container_name\", \"host\", \"container_status\"])"}],"staticLegend":{},"tableOptions":{"sortBy":"container_name","verticalTimeAxis":true},"timeFormat":"YYYY-MM-DD HH:mm:ss","width":3,"xPos":9,"yPos":6},{"axes":[{"base":"10","name":"x","scale":"linear"},{"name":"y","scale":"linear","suffix":"%"}],"colorizeRows":true,"colors":[{"id":"TtgHQAXNep94KBgtu48C_","name":"Cthulhu","type":"scale","hex":"#FDC44F"},{"id":"_IuzkORho_8QXTE6vMllv","name":"Cthulhu","type":"scale","hex":"#007C76"},{"id":"bUszW_YI_9oColDbLNQ-d","name":"Cthulhu","type":"scale","hex":"#8983FF"}],"geom":"line","height":4,"hoverDimension":"auto","kind":"Xy","legendColorizeRows":true,"legendOpacity":1,"legendOrientationThreshold":100000000,"name":"Zeek Capture Loss","opacity":1,"orientationThreshold":100000000,"position":"overlaid","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"mean\")"},{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nroleFilter = (tables=<-) =>\n if v.Role != \"(All)\" then\n tables |> filter(fn: (r) => r[\"role\"] == v.Role)\n else\n tables\n\nfrom(bucket: \"telegraf/so_long_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"zeekcaptureloss\")\n |> filter(fn: (r) => r[\"_field\"] == \"loss\")\n |> hostFilter()\n |> roleFilter()\n |> group(columns: [\"_field\", \"host\", \"role\"])\n |> aggregateWindow(every: v.windowPeriod, fn: mean, createEmpty: false)\n |> yield(name: \"Trend\")"}],"staticLegend":{"colorizeRows":true,"opacity":1,"orientationThreshold":100000000,"widthRatio":1},"width":3,"widthRatio":1,"xCol":"_time","xPos":9,"yCol":"_value","yPos":38},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"Stenographer Loss","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n\nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"stenodrop\")\n |> filter(fn: (r) => r[\"_field\"] == \"drop\")\n |> map(fn: (r) => ({r with _value: r._value * 100.0}))\n |> hostFilter()\n |> group(columns: [\"host\"])\n |> last()\n |> aggregateWindow(every: v.windowPeriod, fn: mean)\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":"%","width":1,"xPos":10},{"colors":[{"id":"base","name":"laser","type":"text","hex":"#00C9FF"}],"decimalPlaces":1,"height":2,"kind":"Single_Stat","name":"PCAP Retention","queries":[{"query":"hostFilter = (tables=<-) =>\n if v.Host != \"(All)\" then\n tables |> filter(fn: (r) => r[\"host\"] == v.Host)\n else\n tables\n \nfrom(bucket: \"telegraf/so_short_term\")\n |> range(start: v.timeRangeStart, stop: v.timeRangeStop)\n |> filter(fn: (r) => r[\"_measurement\"] == \"pcapage\")\n |> filter(fn: (r) => r[\"_field\"] == \"seconds\")\n |> hostFilter()\n |> map(fn: (r) => ({r with _value: r._value / (24.0 * 60.0 * 60.0)}))\n |> group(columns: [\"host\"])\n |> last()\n |> highestMax(n:1)"}],"staticLegend":{},"suffix":" days","width":1,"xPos":11}],"description":"Visualize the Security Onion grid performance metrics and alarm statuses.","name":"Security Onion Performance"}}] \ No newline at end of file From 790b3c5635ccbb698d0c53eb60805dd82cb27fca Mon Sep 17 00:00:00 2001 From: Wes Date: Wed, 15 Feb 2023 16:30:56 +0000 Subject: [PATCH 55/62] Replace 'so-*' index-pattern reference with 'logs-*' for Kibana dashboard visualizations --- salt/kibana/files/saved_objects.ndjson | 1648 ++++++++++++------------ 1 file changed, 824 insertions(+), 824 deletions(-) diff --git a/salt/kibana/files/saved_objects.ndjson b/salt/kibana/files/saved_objects.ndjson index 512ce1532..dfc24e660 100644 --- a/salt/kibana/files/saved_objects.ndjson +++ b/salt/kibana/files/saved_objects.ndjson @@ -1,824 +1,824 @@ -{"attributes":{"fieldFormatMap":"{\"match_body.source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"match_body.destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_username_override\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_username_override.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_info.slack_webhook_url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_webhook_url.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_info.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_sent\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exponent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hits\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.signature_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._index.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.location.lat\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.location.lon\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.num_hits\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.num_matches\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_ipbytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.original_ipbytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_ipbytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.respond_ipbytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.source.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-sourceip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-sourceip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matches\",\"type\":\"number\",\"count\":3,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_name\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"starttime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"time_taken\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traceback\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traceback.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"until\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:elastalert_status*"},"coreMigrationVersion":"7.16.2","id":"*:elastalert_status*","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1643385898421,9],"type":"index-pattern","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjY0LDE1XQ=="} -{"attributes":{"fieldFormatMap":"{\"_id\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/#/hunt?q=_id%3A{{value}}\",\"labelTemplate\":\"Hunt and optionally pivot to PCAP/Cases\"}},\"uid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"fuid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"resp_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"orig_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"sid\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"port\":{\"id\":\"number\",\"params\":{\"pattern\":\"0.[000]\"}},\"query\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"query.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"signature_info\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"{{rawValue}}\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"duration\":{\"id\":\"duration\",\"params\":{\"outputFormat\":\"asSeconds\",\"outputPrecision\":6}},\"missed_bytes\":{\"id\":\"bytes\"},\"missing_bytes\":{\"id\":\"bytes\"},\"original_bytes\":{\"id\":\"bytes\"},\"original_ip_bytes\":{\"id\":\"bytes\"},\"overflow_bytes\":{\"id\":\"bytes\"},\"respond_bytes\":{\"id\":\"bytes\"},\"respond_ip_bytes\":{\"id\":\"bytes\"},\"seen_bytes\":{\"id\":\"bytes\"},\"total_bytes\":{\"id\":\"bytes\"},\"rtt\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0000000]\"}},\"uids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"osquery.LiveQuery\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"LiveQuery\"}},\"TheHive\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"\",\"labelTemplate\":\"Add2Hive\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ack\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ack.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"analyzer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"analyzer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"answers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"answers.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_attempts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints.path_len\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_path_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat_host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat_host.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bound_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"call_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"call_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_exponent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_exponent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_number_days_valid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_permanent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_permanent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_signing_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_signing_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"checksum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"checksum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_digital_product_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_digital_product_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_fqdn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_fqdn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"community.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"company.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compile_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compile_ts.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compression_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compression_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connect_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connect_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"current_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"current_directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.arch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.arch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.dpkg_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.dpkg_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.file.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_cores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_cores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_mhz\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_mhz.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_free\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_free.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_total\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_total.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_usage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_usage.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.broadcast\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.broadcast.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.gateway\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.gateway.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.metric\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.metric.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mtu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mtu.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.platform.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.sysname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.sysname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.package\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.package.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.rx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.rx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.tx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.tx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.args.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.cmd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.egroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.egroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.euser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.euser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.fgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.fgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nlwp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nlwp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pgrp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pgrp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ppid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.processor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.processor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.resident\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.resident.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.rgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.rgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ruser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ruser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.session.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.sgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.sgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.share\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.share.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.start_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.start_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.stime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.stime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.suser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.suser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.utime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.utime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.vm_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.vm_size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.format\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.format.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.multiarch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.multiarch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.section\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.section.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.vendor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.vendor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.pwd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.title.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_passive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_channel_passive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.ftscomment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.ftscomment.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.parent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.parent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"desktop_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_is_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_is_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_city.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_latitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_latitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_longitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_region.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"details.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dir\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dir.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"enabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"enabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"endpoint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry_location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"escalated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"escalated_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"established\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"established.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exception\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"exception.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted_cutoff\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted_cutoff.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"first_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"first_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"flow_label.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"forwardable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"forwardable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"framed_addr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"framed_addr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"freq_virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"freq_virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"frequency_scores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frequency_scores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"full_log\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"full_log.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"function.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_bulk_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_bulk_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_responses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_responses.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_cert_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_cert_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_debug_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_debug_data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_export_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_export_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_import_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_import_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"helo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"highest_registered_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hop_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hop_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"iin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"iin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"info_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"initiated.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"integrity_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"integrity_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ecn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_ecn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_tos\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_tos.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_64bit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_64bit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_source_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_source_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_webmail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_webmail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_distinguished_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3s\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3s.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kex_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kex_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyboard_layout\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyboard_layout.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"launch_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"launch_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lease_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lease_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logged.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"machine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"machine.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"manager.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matched\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"matched.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mimetype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mimetype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missing_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"n\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"named_pipe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"named_pipe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"native_file_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"native_file_system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"next_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"next_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nick\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nick.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"note\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"note.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"num_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"object_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"options\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"options.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.LiveQuery\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.LiveQuery.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.calendarTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.calendarTime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.shell.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.counter\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.epoch\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hardware_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hardware_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostIdentifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostIdentifier.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.unixTime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_agent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_agent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"overflow_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"p\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prev_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prev_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_guid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"profile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"profile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"program.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prospector.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prospector.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxied.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_class_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_type_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ra\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ra.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rcode_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipient_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"recipient_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rejected\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rejected.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_location.country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_color_depth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_color_depth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_resource\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_resource.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resumed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resumed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rows.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_signature.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"san_dns\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"san_dns.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"second_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"second_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"section_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"section_names.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"security_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"security_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_node.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_where\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_where.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sequence_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_dns_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_dns_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_major_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_minor_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_nb_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_nb_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_tree_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_tree_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"set_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"set_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_flag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_flag.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"signer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"site.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sources.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_rule_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_rule_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subsystem\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subsystem.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"suppress_for\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.event.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.inode_after\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.perm_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.perm_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-sourceip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sysmon_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sysmon_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"target_filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tcp_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"terminal_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"terminal_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timed_out\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timed_out.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_accessed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_accessed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_changed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_changed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_created.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_modified.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tld.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tld.subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"top_level_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tracker_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tracker_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"trans_depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"transaction_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"up_since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"up_since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"urg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"urg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"useragent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_aslr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_aslr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_code_integrity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_code_integrity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_dep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_dep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_seh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_seh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_till\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_till.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"validation_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"validation_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"warning.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.firedtimes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gdpr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gdpr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gpg13\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gpg13.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.groups\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.groups.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.mail\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.pci_dss\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.pci_dss.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"width.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"window\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"window.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x_originating_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"year\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"z\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"z.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"TheHive\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"'soctopus/thehive/case/' + doc['_id'].value\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:logstash-*"},"coreMigrationVersion":"7.16.2","id":"*:logstash-*","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1643385898421,10],"type":"index-pattern","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjY1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security Onion - Network Data","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network Data\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Datasets** \\n[Connections](/kibana/app/dashboards#/view/0cc628b0-6e9f-11ea-9266-1fd14ca6af34) | [DCE/RPC](/kibana/app/dashboards#/view/9e882df0-72c5-11ea-8dd2-9d8795a1200b) |\\n[DHCP](/kibana/app/dashboards#/view/80625c10-96dd-11ea-814e-bb515e873c2c) \\n[DNP3](/kibana/app/dashboards#/view/b1f52180-755a-11ea-9565-7315f4ee5cac) | [DNS](/kibana/app/dashboards#/view/55ac6bf0-6ec4-11ea-9266-1fd14ca6af34) |\\n[FTP](/kibana/app/dashboards#/view/739bfad0-755a-11ea-9565-7315f4ee5cac) |\\n[HTTP](/kibana/app/dashboards#/view/44e9c820-6eb1-11ea-9266-1fd14ca6af34) | [Intel](/kibana/app/dashboards#/view/85b529a0-0e5a-11eb-a255-e1e8e85e3571) | [IRC](/kibana/app/dashboards#/view/38523560-75ba-11ea-9565-7315f4ee5cac) |\\n[Kerberos](/kibana/app/dashboards#/view/b207ab90-75bc-11ea-9565-7315f4ee5cac) \\n[Modbus](/kibana/app/dashboards#/view/886a7b90-75bd-11ea-9565-7315f4ee5cac) | \\n[MySQL](/kibana/app/dashboards#/view/c3ced6d0-75be-11ea-9565-7315f4ee5cac) | \\n[NTLM](/kibana/app/dashboards#/view/558292e0-75c1-11ea-9565-7315f4ee5cac) | \\n[PE](/kibana/app/dashboards#/view/94b55b90-c761-11ea-bebb-37c5ab5894ea) |\\n[RADIUS](/kibana/app/dashboards#/view/b9769e60-75c4-11ea-9565-7315f4ee5cac) | [RDP](/kibana/app/dashboards#/view/5b743150-75c5-11ea-9565-7315f4ee5cac) | \\n[RFB](/kibana/app/dashboards#/view/c8b3c360-75c6-11ea-9565-7315f4ee5cac) | [SIP](/kibana/app/dashboards#/view/dd98e260-75c6-11ea-9565-7315f4ee5cac) \\n[SMB](/kibana/app/dashboards#/view/f24d7b80-75c6-11ea-9565-7315f4ee5cac) | [SMTP](/kibana/app/dashboards#/view/00304500-75e7-11ea-9565-7315f4ee5cac) | [SNMP](/kibana/app/dashboards#/view/96522610-75e8-11ea-9565-7315f4ee5cac) | \\n[SSH](/kibana/app/dashboards#/view/9dfd77e0-75eb-11ea-9565-7315f4ee5cac) | [SSL](/kibana/app/dashboards#/view/efae8de0-75eb-11ea-9565-7315f4ee5cac) | [Syslog](/kibana/app/dashboards#/view/66499a20-75ed-11ea-9565-7315f4ee5cac) | [Tunnels](/kibana/app/dashboards#/view/c962dd60-75ed-11ea-9565-7315f4ee5cac) | [X.509](/kibana/app/dashboards#/view/2e0865f0-75ee-11ea-9565-7315f4ee5cac) \\n\"}}"},"coreMigrationVersion":"7.16.2","id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[],"sort":[1643385898421,11],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjY2LDE1XQ=="} -{"attributes":{"fieldFormatMap":"{\"network.community_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:network.community_id,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(network.community_id:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip:'{{ value }}')),(term:(destination.ip:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip:'{{ value }}')),(term:(destination.ip:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.fuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.fuid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/#/hunt?q=_id%3A{{value}}\",\"labelTemplate\":\"Hunt and optionally pivot to PCAP/Cases\"}},\"client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"server.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"event.dataset\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.dataset.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"osquery.result.live_query\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"osquery.result.live_query.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"connection.state_description\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.state_description,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(connection.state_description:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.state_description.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.state_description,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(connection.state_description:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.category.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.category,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.category:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.category\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.category,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.category:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.uuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.uuid,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.uuid:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.history\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.history,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(connection.history:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.history.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.history,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(connection.history:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.message_types\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.message_types,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dhcp.message_types:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.message_types.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.message_types,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dhcp.message_types:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.requested_address\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.requested_address,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.requested_address:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.requested_address.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.requested_address,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.requested_address:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.assigned_ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.assigned_ip,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.assigned_ip:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.assigned_ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.assigned_ip,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.assigned_ip:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.mac\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:host.mac,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(host.mac:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.mac.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:host.mac,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(host.mac:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.lease_time\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.lease_time,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.lease_time:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.query.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.query.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.query.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.query.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.query.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.query.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.answers.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.answers.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.answers.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.answers.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.answers.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.answers.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.response.code_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.response.code_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dns.response.code_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.response.code_name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.response.code_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dns.response.code_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.mime_type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.mime_type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.mime_type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.mime_type.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.mime_type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.mime_type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.argument\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.argument,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ftp.argument:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.argument.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.argument,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ftp.argument:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.user\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.user,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.user:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.user.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.user,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.user:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.password\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.password,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.password:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.password.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.password,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.password:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.useragent\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.useragent,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(http.useragent:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.useragent.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.useragent,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(http.useragent:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.method\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.method,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.method:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.method.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.method,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.method:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.virtual_host\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.virtual_host,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.virtual_host:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.virtual_host,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.virtual_host:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.uri.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.uri.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.uri.keyword:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.uri\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.uri.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.uri.keyword:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.note.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.note,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.note:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.message.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.message,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.message:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.note\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.note,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.note:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.message\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.message,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.message:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.server_name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.server_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ssl.server_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.server_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.server_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ssl.server_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.subject\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.subject.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.subject,negate:!f,params:(query:'O%3DDefault%20Company%20Ltd,L%3DDefault%20City,C%3DXX'),type:phrase),query:(match_phrase:(ssl.certificate.subject:'O%3DDefault%20Company%20Ltd,L%3DDefault%20City,C%3DXX')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.issuer\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.issuer.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.facility_label\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.facility_label,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.facility_label:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.facility_label\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.facility_label,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.facility_label:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.severity_label\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.severity_label,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.severity_label:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.severity_label\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.severity_label,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.severity_label:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.subject\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.subject.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.issuer\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.issuer.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.san_dns\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.san_dns,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.san_dns:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.san_dns.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.san_dns,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.san_dns:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.key.type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.key.type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(x509.certificate.key.type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:edit)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.key.type.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.key.type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(x509.certificate.key.type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:edit)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.ephemeral_id\"}}},{\"name\":\"agent.ephemeral_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.ephemeral_id\"}}},{\"name\":\"agent.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.hostname\"}}},{\"name\":\"agent.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.hostname\"}}},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.id\"}}},{\"name\":\"agent.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.id\"}}},{\"name\":\"agent.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.name\"}}},{\"name\":\"agent.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.name\"}}},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.type\"}}},{\"name\":\"agent.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.type\"}}},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.version\"}}},{\"name\":\"agent.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.version\"}}},{\"name\":\"client.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.address\"}}},{\"name\":\"client.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.address\"}}},{\"name\":\"client.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.id.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.id.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.id.product\"}}},{\"name\":\"client.id.product.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.id.product\"}}},{\"name\":\"client.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.name\"}}},{\"name\":\"client.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.name\"}}},{\"name\":\"client.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.port\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.user_agent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.user_agent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.user_agent\"}}},{\"name\":\"client.user_agent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.user_agent\"}}},{\"name\":\"connection.bytes.missed\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.history\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.history.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.history\"}}},{\"name\":\"connection.history.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"connection.history\"}}},{\"name\":\"connection.local.originator\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.local.responder\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state\"}}},{\"name\":\"connection.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"connection.state\"}}},{\"name\":\"connection.state_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state_description\"}}},{\"name\":\"connection.state_description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"connection.state_description\"}}},{\"name\":\"data.euid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.euid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.euid\"}}},{\"name\":\"data.euid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.euid\"}}},{\"name\":\"data.file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.file\"}}},{\"name\":\"data.file.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.file\"}}},{\"name\":\"data.hardware.cpu_cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_cores\"}}},{\"name\":\"data.hardware.cpu_cores.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_cores\"}}},{\"name\":\"data.hardware.cpu_mhz\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_mhz.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_mhz\"}}},{\"name\":\"data.hardware.cpu_mhz.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_mhz\"}}},{\"name\":\"data.hardware.cpu_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_name\"}}},{\"name\":\"data.hardware.cpu_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_name\"}}},{\"name\":\"data.hardware.ram_free\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_free.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_free\"}}},{\"name\":\"data.hardware.ram_free.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_free\"}}},{\"name\":\"data.hardware.ram_total\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_total.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_total\"}}},{\"name\":\"data.hardware.ram_total.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_total\"}}},{\"name\":\"data.hardware.ram_usage\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_usage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_usage\"}}},{\"name\":\"data.hardware.ram_usage.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_usage\"}}},{\"name\":\"data.hardware.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.serial\"}}},{\"name\":\"data.hardware.serial.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.serial\"}}},{\"name\":\"data.hotfix\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hotfix.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hotfix\"}}},{\"name\":\"data.hotfix.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hotfix\"}}},{\"name\":\"data.logname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.logname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.logname\"}}},{\"name\":\"data.logname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.logname\"}}},{\"name\":\"data.netinfo.iface.adapter\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.adapter.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.adapter\"}}},{\"name\":\"data.netinfo.iface.adapter.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.adapter\"}}},{\"name\":\"data.netinfo.iface.ipv4.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.address\"}}},{\"name\":\"data.netinfo.iface.ipv4.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.address\"}}},{\"name\":\"data.netinfo.iface.ipv4.broadcast\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.broadcast.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.broadcast\"}}},{\"name\":\"data.netinfo.iface.ipv4.broadcast.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.broadcast\"}}},{\"name\":\"data.netinfo.iface.ipv4.dhcp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.dhcp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv4.dhcp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv4.gateway\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.gateway.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv4.gateway.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv4.metric\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.metric.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.metric\"}}},{\"name\":\"data.netinfo.iface.ipv4.metric.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.metric\"}}},{\"name\":\"data.netinfo.iface.ipv4.netmask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.netmask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.netmask\"}}},{\"name\":\"data.netinfo.iface.ipv4.netmask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.netmask\"}}},{\"name\":\"data.netinfo.iface.ipv6.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.address\"}}},{\"name\":\"data.netinfo.iface.ipv6.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.address\"}}},{\"name\":\"data.netinfo.iface.ipv6.dhcp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.dhcp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv6.dhcp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv6.gateway\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.gateway.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv6.gateway.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv6.metric\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.metric.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.metric\"}}},{\"name\":\"data.netinfo.iface.ipv6.metric.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.metric\"}}},{\"name\":\"data.netinfo.iface.ipv6.netmask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.netmask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.netmask\"}}},{\"name\":\"data.netinfo.iface.ipv6.netmask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.netmask\"}}},{\"name\":\"data.netinfo.iface.mac\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mac.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mac\"}}},{\"name\":\"data.netinfo.iface.mac.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mac\"}}},{\"name\":\"data.netinfo.iface.mtu\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mtu.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mtu\"}}},{\"name\":\"data.netinfo.iface.mtu.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mtu\"}}},{\"name\":\"data.netinfo.iface.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.name\"}}},{\"name\":\"data.netinfo.iface.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.name\"}}},{\"name\":\"data.netinfo.iface.rx_bytes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_bytes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_bytes\"}}},{\"name\":\"data.netinfo.iface.rx_bytes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_bytes\"}}},{\"name\":\"data.netinfo.iface.rx_dropped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_dropped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_dropped\"}}},{\"name\":\"data.netinfo.iface.rx_dropped.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_dropped\"}}},{\"name\":\"data.netinfo.iface.rx_errors\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_errors.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_errors\"}}},{\"name\":\"data.netinfo.iface.rx_errors.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_errors\"}}},{\"name\":\"data.netinfo.iface.rx_packets\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_packets.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_packets\"}}},{\"name\":\"data.netinfo.iface.rx_packets.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_packets\"}}},{\"name\":\"data.netinfo.iface.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.state\"}}},{\"name\":\"data.netinfo.iface.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.state\"}}},{\"name\":\"data.netinfo.iface.tx_bytes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_bytes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_bytes\"}}},{\"name\":\"data.netinfo.iface.tx_bytes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_bytes\"}}},{\"name\":\"data.netinfo.iface.tx_dropped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_dropped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_dropped\"}}},{\"name\":\"data.netinfo.iface.tx_dropped.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_dropped\"}}},{\"name\":\"data.netinfo.iface.tx_errors\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_errors.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_errors\"}}},{\"name\":\"data.netinfo.iface.tx_errors.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_errors\"}}},{\"name\":\"data.netinfo.iface.tx_packets\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_packets.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_packets\"}}},{\"name\":\"data.netinfo.iface.tx_packets.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_packets\"}}},{\"name\":\"data.netinfo.iface.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.type\"}}},{\"name\":\"data.netinfo.iface.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.type\"}}},{\"name\":\"data.os.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.architecture\"}}},{\"name\":\"data.os.architecture.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.architecture\"}}},{\"name\":\"data.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.build\"}}},{\"name\":\"data.os.build.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.build\"}}},{\"name\":\"data.os.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.hostname\"}}},{\"name\":\"data.os.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.hostname\"}}},{\"name\":\"data.os.major\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.major.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.major\"}}},{\"name\":\"data.os.major.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.major\"}}},{\"name\":\"data.os.minor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.minor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.minor\"}}},{\"name\":\"data.os.minor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.minor\"}}},{\"name\":\"data.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.name\"}}},{\"name\":\"data.os.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.name\"}}},{\"name\":\"data.os.os_release\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.os_release.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.os_release\"}}},{\"name\":\"data.os.os_release.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.os_release\"}}},{\"name\":\"data.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.platform\"}}},{\"name\":\"data.os.platform.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.platform\"}}},{\"name\":\"data.os.release\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.release\"}}},{\"name\":\"data.os.release.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.release\"}}},{\"name\":\"data.os.release_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.release_version\"}}},{\"name\":\"data.os.release_version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.release_version\"}}},{\"name\":\"data.os.sysname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.sysname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.sysname\"}}},{\"name\":\"data.os.sysname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.sysname\"}}},{\"name\":\"data.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.version\"}}},{\"name\":\"data.os.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.version\"}}},{\"name\":\"data.port.inode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.inode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.inode\"}}},{\"name\":\"data.port.inode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.inode\"}}},{\"name\":\"data.port.local_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.local_ip\"}}},{\"name\":\"data.port.local_ip.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.local_ip\"}}},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.local_port\"}}},{\"name\":\"data.port.local_port.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.local_port\"}}},{\"name\":\"data.port.pid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.pid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.pid\"}}},{\"name\":\"data.port.pid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.pid\"}}},{\"name\":\"data.port.process\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.process.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.process\"}}},{\"name\":\"data.port.process.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.process\"}}},{\"name\":\"data.port.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.protocol\"}}},{\"name\":\"data.port.protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.protocol\"}}},{\"name\":\"data.port.remote_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_ip\"}}},{\"name\":\"data.port.remote_ip.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_ip\"}}},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_port\"}}},{\"name\":\"data.port.remote_port.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_port\"}}},{\"name\":\"data.port.rx_queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.rx_queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.rx_queue\"}}},{\"name\":\"data.port.rx_queue.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.rx_queue\"}}},{\"name\":\"data.port.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.state\"}}},{\"name\":\"data.port.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.state\"}}},{\"name\":\"data.port.tx_queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.tx_queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.tx_queue\"}}},{\"name\":\"data.port.tx_queue.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.tx_queue\"}}},{\"name\":\"data.pwd\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.pwd.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.pwd\"}}},{\"name\":\"data.pwd.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.pwd\"}}},{\"name\":\"data.srcuser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.srcuser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.srcuser\"}}},{\"name\":\"data.srcuser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.srcuser\"}}},{\"name\":\"data.title\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.title.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.title\"}}},{\"name\":\"data.title.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.title\"}}},{\"name\":\"data.tty\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.tty\"}}},{\"name\":\"data.tty.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.tty\"}}},{\"name\":\"data.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.type\"}}},{\"name\":\"data.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.type\"}}},{\"name\":\"data.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.uid\"}}},{\"name\":\"data.uid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.uid\"}}},{\"name\":\"dce_rpc.endpoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.endpoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.endpoint\"}}},{\"name\":\"dce_rpc.endpoint.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.endpoint\"}}},{\"name\":\"dce_rpc.named_pipe\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.named_pipe.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.named_pipe\"}}},{\"name\":\"dce_rpc.named_pipe.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.named_pipe\"}}},{\"name\":\"dce_rpc.operation\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.operation.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.operation\"}}},{\"name\":\"dce_rpc.operation.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.operation\"}}},{\"name\":\"destination.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.city_name\"}}},{\"name\":\"destination.geo.city_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.city_name\"}}},{\"name\":\"destination.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.continent_name\"}}},{\"name\":\"destination.geo.continent_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.continent_name\"}}},{\"name\":\"destination.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_iso_code\"}}},{\"name\":\"destination.geo.country_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_iso_code\"}}},{\"name\":\"destination.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_name\"}}},{\"name\":\"destination.geo.country_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_name\"}}},{\"name\":\"destination.geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_iso_code\"}}},{\"name\":\"destination.geo.region_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_iso_code\"}}},{\"name\":\"destination.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_name\"}}},{\"name\":\"destination.geo.region_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_name\"}}},{\"name\":\"destination.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.timezone\"}}},{\"name\":\"destination.geo.timezone.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.timezone\"}}},{\"name\":\"destination.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.assigned_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.assigned_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.assigned_ip\"}}},{\"name\":\"dhcp.assigned_ip.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dhcp.assigned_ip\"}}},{\"name\":\"dhcp.lease_time\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.message_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.message_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.message_types\"}}},{\"name\":\"dhcp.message_types.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dhcp.message_types\"}}},{\"name\":\"dhcp.requested_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.requested_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.requested_address\"}}},{\"name\":\"dhcp.requested_address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dhcp.requested_address\"}}},{\"name\":\"dnp3.fc_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_reply\"}}},{\"name\":\"dnp3.fc_reply.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_reply\"}}},{\"name\":\"dnp3.fc_request\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_request.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_request\"}}},{\"name\":\"dnp3.fc_request.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_request\"}}},{\"name\":\"dnp3.iin\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.answers.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.answers.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.answers.name\"}}},{\"name\":\"dns.answers.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.answers.name\"}}},{\"name\":\"dns.authoritative\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.highest_registered_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.highest_registered_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.highest_registered_domain\"}}},{\"name\":\"dns.highest_registered_domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.highest_registered_domain\"}}},{\"name\":\"dns.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.parent_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.parent_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.parent_domain\"}}},{\"name\":\"dns.parent_domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.parent_domain\"}}},{\"name\":\"dns.parent_domain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.class_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.class_name\"}}},{\"name\":\"dns.query.class_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.query.class_name\"}}},{\"name\":\"dns.query.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.name\"}}},{\"name\":\"dns.query.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.query.name\"}}},{\"name\":\"dns.query.rejected\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.type_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.type_name\"}}},{\"name\":\"dns.query.type_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.query.type_name\"}}},{\"name\":\"dns.recursion.available\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.recursion.desired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.reserved\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.response.code_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.response.code_name\"}}},{\"name\":\"dns.response.code_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.response.code_name\"}}},{\"name\":\"dns.subdomain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.subdomain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.subdomain\"}}},{\"name\":\"dns.subdomain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.subdomain\"}}},{\"name\":\"dns.subdomain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.top_level_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.top_level_domain\"}}},{\"name\":\"dns.top_level_domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.top_level_domain\"}}},{\"name\":\"dns.truncated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.ttls\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ecs.version\"}}},{\"name\":\"ecs.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ecs.version\"}}},{\"name\":\"error.reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.reason\"}}},{\"name\":\"error.reason.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"error.reason\"}}},{\"name\":\"event.acknowledged\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"name\":\"event.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"name\":\"event.category.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"name\":\"event.code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.code\"}}},{\"name\":\"event.code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.code\"}}},{\"name\":\"event.created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.created\"}}},{\"name\":\"event.created.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.created\"}}},{\"name\":\"event.dataset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.dataset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.dataset\"}}},{\"name\":\"event.dataset.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.dataset\"}}},{\"name\":\"event.duration\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.escalated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.kind.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"name\":\"event.kind.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"name\":\"event.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"name\":\"event.module.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"name\":\"event.provider\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.provider.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.provider\"}}},{\"name\":\"event.provider.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.provider\"}}},{\"name\":\"event.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.severity_label.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.severity_label\"}}},{\"name\":\"event.severity_label.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.severity_label\"}}},{\"name\":\"event.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.timestamp\"}}},{\"name\":\"event.timestamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.timestamp\"}}},{\"name\":\"file.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.action\"}}},{\"name\":\"file.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.action\"}}},{\"name\":\"file.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.analyzer\"}}},{\"name\":\"file.analyzer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.analyzer\"}}},{\"name\":\"file.aslr\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.missing\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.overflow\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.seen\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_integrity\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.compile_timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.compile_timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.compile_timestamp\"}}},{\"name\":\"file.compile_timestamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.compile_timestamp\"}}},{\"name\":\"file.debug_data\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.dep\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.description\"}}},{\"name\":\"file.description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.description\"}}},{\"name\":\"file.extracted.cutoff\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extracted.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.extracted.filename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.extracted.filename\"}}},{\"name\":\"file.extracted.filename.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.extracted.filename\"}}},{\"name\":\"file.flavors.mime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.flavors.mime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.flavors.mime\"}}},{\"name\":\"file.flavors.mime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.flavors.mime\"}}},{\"name\":\"file.flavors.yara\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.flavors.yara.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.flavors.yara\"}}},{\"name\":\"file.flavors.yara.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.flavors.yara\"}}},{\"name\":\"file.is_64bit\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_exe\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.local_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.machine\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.machine.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.machine\"}}},{\"name\":\"file.machine.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.machine\"}}},{\"name\":\"file.mime_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mime_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mime_type\"}}},{\"name\":\"file.mime_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.mime_type\"}}},{\"name\":\"file.mimetype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mimetype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mimetype\"}}},{\"name\":\"file.mimetype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.mimetype\"}}},{\"name\":\"file.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.name\"}}},{\"name\":\"file.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.name\"}}},{\"name\":\"file.orig_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.orig_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_filenames\"}}},{\"name\":\"file.orig_filenames.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.orig_filenames\"}}},{\"name\":\"file.orig_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.orig_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_mime_types\"}}},{\"name\":\"file.orig_mime_types.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.orig_mime_types\"}}},{\"name\":\"file.os\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.os.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.os\"}}},{\"name\":\"file.os.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.os\"}}},{\"name\":\"file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.path\"}}},{\"name\":\"file.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.path\"}}},{\"name\":\"file.resp_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_filenames\"}}},{\"name\":\"file.resp_filenames.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.resp_filenames\"}}},{\"name\":\"file.resp_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_mime_types\"}}},{\"name\":\"file.resp_mime_types.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.resp_mime_types\"}}},{\"name\":\"file.scanners\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.scanners.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.scanners\"}}},{\"name\":\"file.scanners.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.scanners\"}}},{\"name\":\"file.section_names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.section_names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.section_names\"}}},{\"name\":\"file.section_names.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.section_names\"}}},{\"name\":\"file.seh\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.source.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.source\"}}},{\"name\":\"file.source.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.source\"}}},{\"name\":\"file.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.subsystem\"}}},{\"name\":\"file.subsystem.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.subsystem\"}}},{\"name\":\"file.table.cert\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.export\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.import\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.target\"}}},{\"name\":\"file.target.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.target\"}}},{\"name\":\"file.timed_out\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.times_accessed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_accessed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_accessed\"}}},{\"name\":\"file.times_accessed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_accessed\"}}},{\"name\":\"file.times_changed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_changed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_changed\"}}},{\"name\":\"file.times_changed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_changed\"}}},{\"name\":\"file.times_created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_created\"}}},{\"name\":\"file.times_created.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_created\"}}},{\"name\":\"file.times_modified\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_modified.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_modified\"}}},{\"name\":\"file.times_modified.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_modified\"}}},{\"name\":\"file.tree.node\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.node.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.node\"}}},{\"name\":\"file.tree.node.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.tree.node\"}}},{\"name\":\"file.tree.parent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.parent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.parent\"}}},{\"name\":\"file.tree.parent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.tree.parent\"}}},{\"name\":\"file.tree.root\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.root.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.root\"}}},{\"name\":\"file.tree.root.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.tree.root\"}}},{\"name\":\"ftp.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.argument\"}}},{\"name\":\"ftp.argument.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.argument\"}}},{\"name\":\"ftp.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.command\"}}},{\"name\":\"ftp.command.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.command\"}}},{\"name\":\"ftp.data_channel_destination.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_passive\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.password\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.password.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.password\"}}},{\"name\":\"ftp.password.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.password\"}}},{\"name\":\"ftp.user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.user\"}}},{\"name\":\"ftp.user.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.user\"}}},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.hassh\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.hassh.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.hassh\"}}},{\"name\":\"hash.hassh.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.hassh\"}}},{\"name\":\"hash.ja3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ja3\"}}},{\"name\":\"hash.ja3.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.ja3\"}}},{\"name\":\"hash.ja3s\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3s.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ja3s\"}}},{\"name\":\"hash.ja3s.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.ja3s\"}}},{\"name\":\"hash.md5\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.md5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.md5\"}}},{\"name\":\"hash.md5.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.md5\"}}},{\"name\":\"hash.sha1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha1\"}}},{\"name\":\"hash.sha1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.sha1\"}}},{\"name\":\"hash.sha256\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha256.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha256\"}}},{\"name\":\"hash.sha256.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.sha256\"}}},{\"name\":\"hash.ssdeep\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ssdeep.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ssdeep\"}}},{\"name\":\"hash.ssdeep.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.ssdeep\"}}},{\"name\":\"host.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.architecture\"}}},{\"name\":\"host.architecture.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.architecture\"}}},{\"name\":\"host.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.domain\"}}},{\"name\":\"host.domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.domain\"}}},{\"name\":\"host.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.hostname\"}}},{\"name\":\"host.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.hostname\"}}},{\"name\":\"host.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.id\"}}},{\"name\":\"host.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.id\"}}},{\"name\":\"host.mac\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.mac.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.mac\"}}},{\"name\":\"host.mac.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.mac\"}}},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.name\"}}},{\"name\":\"host.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.name\"}}},{\"name\":\"host.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.build\"}}},{\"name\":\"host.os.build.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.build\"}}},{\"name\":\"host.os.family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.family\"}}},{\"name\":\"host.os.family.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.family\"}}},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.kernel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.kernel\"}}},{\"name\":\"host.os.kernel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.kernel\"}}},{\"name\":\"host.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.platform\"}}},{\"name\":\"host.os.platform.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.platform\"}}},{\"name\":\"host.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.version\"}}},{\"name\":\"host.os.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.version\"}}},{\"name\":\"host.syscheck.changed_attributes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.changed_attributes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.changed_attributes\"}}},{\"name\":\"host.syscheck.changed_attributes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.changed_attributes\"}}},{\"name\":\"host.syscheck.event\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.event.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.event\"}}},{\"name\":\"host.syscheck.event.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.event\"}}},{\"name\":\"host.syscheck.gid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gid_after\"}}},{\"name\":\"host.syscheck.gid_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gid_after\"}}},{\"name\":\"host.syscheck.gname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gname_after\"}}},{\"name\":\"host.syscheck.gname_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gname_after\"}}},{\"name\":\"host.syscheck.inode_after\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.syscheck.md5_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_after\"}}},{\"name\":\"host.syscheck.md5_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_after\"}}},{\"name\":\"host.syscheck.md5_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_before\"}}},{\"name\":\"host.syscheck.md5_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_before\"}}},{\"name\":\"host.syscheck.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mode\"}}},{\"name\":\"host.syscheck.mode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mode\"}}},{\"name\":\"host.syscheck.mtime_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_after\"}}},{\"name\":\"host.syscheck.mtime_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_after\"}}},{\"name\":\"host.syscheck.mtime_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_before\"}}},{\"name\":\"host.syscheck.mtime_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_before\"}}},{\"name\":\"host.syscheck.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.path\"}}},{\"name\":\"host.syscheck.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.path\"}}},{\"name\":\"host.syscheck.perm_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.perm_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.perm_after\"}}},{\"name\":\"host.syscheck.perm_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.perm_after\"}}},{\"name\":\"host.syscheck.sha1_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_after\"}}},{\"name\":\"host.syscheck.sha1_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_after\"}}},{\"name\":\"host.syscheck.sha1_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_before\"}}},{\"name\":\"host.syscheck.sha1_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_before\"}}},{\"name\":\"host.syscheck.sha256_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_after\"}}},{\"name\":\"host.syscheck.sha256_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_after\"}}},{\"name\":\"host.syscheck.sha256_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_before\"}}},{\"name\":\"host.syscheck.sha256_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_before\"}}},{\"name\":\"host.syscheck.size_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.size_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_after\"}}},{\"name\":\"host.syscheck.size_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_after\"}}},{\"name\":\"host.syscheck.size_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.size_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_before\"}}},{\"name\":\"host.syscheck.size_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_before\"}}},{\"name\":\"host.syscheck.uid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uid_after\"}}},{\"name\":\"host.syscheck.uid_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uid_after\"}}},{\"name\":\"host.syscheck.uname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uname_after\"}}},{\"name\":\"host.syscheck.uname_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uname_after\"}}},{\"name\":\"http.info_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.info_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.info_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.info_message\"}}},{\"name\":\"http.info_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.info_message\"}}},{\"name\":\"http.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.method\"}}},{\"name\":\"http.method.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.method\"}}},{\"name\":\"http.proxied\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.proxied.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.proxied\"}}},{\"name\":\"http.proxied.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.proxied\"}}},{\"name\":\"http.referrer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.referrer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.referrer\"}}},{\"name\":\"http.referrer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.referrer\"}}},{\"name\":\"http.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.status_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.status_message\"}}},{\"name\":\"http.status_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.status_message\"}}},{\"name\":\"http.trans_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.uri\"}}},{\"name\":\"http.uri.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.uri\"}}},{\"name\":\"http.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.useragent\"}}},{\"name\":\"http.useragent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.useragent\"}}},{\"name\":\"http.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.version\"}}},{\"name\":\"http.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.version\"}}},{\"name\":\"http.virtual_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.virtual_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.virtual_host\"}}},{\"name\":\"http.virtual_host.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.virtual_host\"}}},{\"name\":\"ingest.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ingest.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ingest.timestamp\"}}},{\"name\":\"ingest.timestamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ingest.timestamp\"}}},{\"name\":\"intel.indicator\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.indicator.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.indicator\"}}},{\"name\":\"intel.indicator_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.indicator_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.indicator_type\"}}},{\"name\":\"intel.indicator_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.indicator_type\"}}},{\"name\":\"intel.matched\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.matched.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.matched\"}}},{\"name\":\"intel.matched.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.matched\"}}},{\"name\":\"intel.seen_node\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.seen_node.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.seen_node\"}}},{\"name\":\"intel.seen_node.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.seen_node\"}}},{\"name\":\"intel.seen_where\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.seen_where.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.seen_where\"}}},{\"name\":\"intel.seen_where.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.seen_where\"}}},{\"name\":\"intel.sources\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.sources.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.sources\"}}},{\"name\":\"intel.sources.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.sources\"}}},{\"name\":\"irc.command.info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.info\"}}},{\"name\":\"irc.command.info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.command.info\"}}},{\"name\":\"irc.command.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.type\"}}},{\"name\":\"irc.command.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.command.type\"}}},{\"name\":\"irc.command.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.value\"}}},{\"name\":\"irc.command.value.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.command.value\"}}},{\"name\":\"irc.nickname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.nickname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.nickname\"}}},{\"name\":\"irc.nickname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.nickname\"}}},{\"name\":\"irc.username\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.username.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.username\"}}},{\"name\":\"irc.username.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.username\"}}},{\"name\":\"kerberos.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client\"}}},{\"name\":\"kerberos.client.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.client\"}}},{\"name\":\"kerberos.client_certificate_subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.client_certificate_subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client_certificate_subject\"}}},{\"name\":\"kerberos.client_certificate_subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.client_certificate_subject\"}}},{\"name\":\"kerberos.error_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.error_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.error_message\"}}},{\"name\":\"kerberos.error_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.error_message\"}}},{\"name\":\"kerberos.request_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.request_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.request_type\"}}},{\"name\":\"kerberos.request_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.request_type\"}}},{\"name\":\"kerberos.server_certificate_subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.server_certificate_subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.server_certificate_subject\"}}},{\"name\":\"kerberos.server_certificate_subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.server_certificate_subject\"}}},{\"name\":\"kerberos.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.service\"}}},{\"name\":\"kerberos.service.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.service\"}}},{\"name\":\"kerberos.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.cipher\"}}},{\"name\":\"kerberos.ticket.cipher.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.cipher\"}}},{\"name\":\"kerberos.ticket.forwardable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.renewable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.valid.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.from\"}}},{\"name\":\"kerberos.ticket.valid.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.from\"}}},{\"name\":\"kerberos.ticket.valid.until\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.until.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.until\"}}},{\"name\":\"kerberos.ticket.valid.until.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.until\"}}},{\"name\":\"log.file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.file.path\"}}},{\"name\":\"log.file.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.file.path\"}}},{\"name\":\"log.full\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.full.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.full\"}}},{\"name\":\"log.full.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.full\"}}},{\"name\":\"log.id.client_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.client_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.client_certificate_fuid\"}}},{\"name\":\"log.id.client_certificate_fuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.client_certificate_fuid\"}}},{\"name\":\"log.id.fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuid\"}}},{\"name\":\"log.id.fuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.fuid\"}}},{\"name\":\"log.id.fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuids\"}}},{\"name\":\"log.id.fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.fuids\"}}},{\"name\":\"log.id.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.id\"}}},{\"name\":\"log.id.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.id\"}}},{\"name\":\"log.id.orig_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.orig_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.orig_fuids\"}}},{\"name\":\"log.id.orig_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.orig_fuids\"}}},{\"name\":\"log.id.resp_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.resp_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.resp_fuids\"}}},{\"name\":\"log.id.resp_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.resp_fuids\"}}},{\"name\":\"log.id.server_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.server_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.server_certificate_fuid\"}}},{\"name\":\"log.id.server_certificate_fuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.server_certificate_fuid\"}}},{\"name\":\"log.id.tunnel_parents\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.tunnel_parents.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.tunnel_parents\"}}},{\"name\":\"log.id.tunnel_parents.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.tunnel_parents\"}}},{\"name\":\"log.id.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uid\"}}},{\"name\":\"log.id.uid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.uid\"}}},{\"name\":\"log.id.uids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uids\"}}},{\"name\":\"log.id.uids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.uids\"}}},{\"name\":\"log.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.level\"}}},{\"name\":\"log.level.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.level\"}}},{\"name\":\"log.location\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.location.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.location\"}}},{\"name\":\"log.location.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.location\"}}},{\"name\":\"log.offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.previous_log\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.previous_log.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.previous_log\"}}},{\"name\":\"log.previous_log.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.previous_log\"}}},{\"name\":\"log.previous_output\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.previous_output.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.previous_output\"}}},{\"name\":\"log.previous_output.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.previous_output\"}}},{\"name\":\"manager.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"manager.name\"}}},{\"name\":\"manager.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"manager.name\"}}},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"message\"}}},{\"name\":\"modbus.function\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"modbus.function.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"modbus.function\"}}},{\"name\":\"modbus.function.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"modbus.function\"}}},{\"name\":\"mysql.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.argument\"}}},{\"name\":\"mysql.argument.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"mysql.argument\"}}},{\"name\":\"mysql.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.command\"}}},{\"name\":\"mysql.command.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"mysql.command\"}}},{\"name\":\"mysql.response\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.response.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.response\"}}},{\"name\":\"mysql.response.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"mysql.response\"}}},{\"name\":\"mysql.rows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.community_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.community_id\"}}},{\"name\":\"network.community_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.community_id\"}}},{\"name\":\"network.data.decoded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.data.decoded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.data.decoded\"}}},{\"name\":\"network.data.decoded.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.data.decoded\"}}},{\"name\":\"network.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.protocol\"}}},{\"name\":\"network.protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.protocol\"}}},{\"name\":\"network.transport\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.transport.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.transport\"}}},{\"name\":\"network.transport.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.transport\"}}},{\"name\":\"notice.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.action\"}}},{\"name\":\"notice.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.action\"}}},{\"name\":\"notice.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.message\"}}},{\"name\":\"notice.message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.message\"}}},{\"name\":\"notice.note\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.note.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.note\"}}},{\"name\":\"notice.note.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.note\"}}},{\"name\":\"notice.p\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice.peer_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.peer_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.peer_description\"}}},{\"name\":\"notice.peer_description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.peer_description\"}}},{\"name\":\"notice.sub_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.sub_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.sub_message\"}}},{\"name\":\"notice.sub_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.sub_message\"}}},{\"name\":\"notice.suppress_for\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm.server.dns.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.dns.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.dns.name\"}}},{\"name\":\"ntlm.server.dns.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.dns.name\"}}},{\"name\":\"ntlm.server.nb.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.nb.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.nb.name\"}}},{\"name\":\"ntlm.server.nb.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.nb.name\"}}},{\"name\":\"ntlm.server.tree.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.tree.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.tree.name\"}}},{\"name\":\"ntlm.server.tree.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.tree.name\"}}},{\"name\":\"ntlm.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.analyzer\"}}},{\"name\":\"observer.analyzer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"observer.analyzer\"}}},{\"name\":\"observer.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.name\"}}},{\"name\":\"observer.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"observer.name\"}}},{\"name\":\"osquery.result.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.action\"}}},{\"name\":\"osquery.result.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.action\"}}},{\"name\":\"osquery.result.calendarTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.calendarTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.calendarTime\"}}},{\"name\":\"osquery.result.calendarTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.calendarTime\"}}},{\"name\":\"osquery.result.codename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.codename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.codename\"}}},{\"name\":\"osquery.result.codename.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.codename\"}}},{\"name\":\"osquery.result.columns.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.command\"}}},{\"name\":\"osquery.result.columns.command.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.command\"}}},{\"name\":\"osquery.result.columns.day_of_month\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.day_of_month.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_month\"}}},{\"name\":\"osquery.result.columns.day_of_month.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_month\"}}},{\"name\":\"osquery.result.columns.day_of_week\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.day_of_week.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_week\"}}},{\"name\":\"osquery.result.columns.day_of_week.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_week\"}}},{\"name\":\"osquery.result.columns.days\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.days.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.days\"}}},{\"name\":\"osquery.result.columns.days.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.days\"}}},{\"name\":\"osquery.result.columns.event\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.event.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.event\"}}},{\"name\":\"osquery.result.columns.event.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.event\"}}},{\"name\":\"osquery.result.columns.hour\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.hour.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hour\"}}},{\"name\":\"osquery.result.columns.hour.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hour\"}}},{\"name\":\"osquery.result.columns.hours\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.hours.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hours\"}}},{\"name\":\"osquery.result.columns.hours.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hours\"}}},{\"name\":\"osquery.result.columns.minute\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.minute.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minute\"}}},{\"name\":\"osquery.result.columns.minute.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minute\"}}},{\"name\":\"osquery.result.columns.minutes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.minutes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minutes\"}}},{\"name\":\"osquery.result.columns.minutes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minutes\"}}},{\"name\":\"osquery.result.columns.month\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.month.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.month\"}}},{\"name\":\"osquery.result.columns.month.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.month\"}}},{\"name\":\"osquery.result.columns.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.path\"}}},{\"name\":\"osquery.result.columns.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.path\"}}},{\"name\":\"osquery.result.columns.seconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.seconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.seconds\"}}},{\"name\":\"osquery.result.columns.seconds.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.seconds\"}}},{\"name\":\"osquery.result.columns.total_seconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.total_seconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.total_seconds\"}}},{\"name\":\"osquery.result.columns.total_seconds.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.total_seconds\"}}},{\"name\":\"osquery.result.counter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.endpoint_ip1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip1\"}}},{\"name\":\"osquery.result.endpoint_ip1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip1\"}}},{\"name\":\"osquery.result.endpoint_ip2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip2\"}}},{\"name\":\"osquery.result.endpoint_ip2.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip2\"}}},{\"name\":\"osquery.result.epoch\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.hardware_serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hardware_serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hardware_serial\"}}},{\"name\":\"osquery.result.hardware_serial.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hardware_serial\"}}},{\"name\":\"osquery.result.hostIdentifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hostIdentifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostIdentifier\"}}},{\"name\":\"osquery.result.hostIdentifier.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostIdentifier\"}}},{\"name\":\"osquery.result.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostname\"}}},{\"name\":\"osquery.result.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostname\"}}},{\"name\":\"osquery.result.live_query\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.live_query.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.live_query\"}}},{\"name\":\"osquery.result.live_query.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.live_query\"}}},{\"name\":\"osquery.result.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.name\"}}},{\"name\":\"osquery.result.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.name\"}}},{\"name\":\"osquery.result.numerics\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.unixTime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.args.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.args\"}}},{\"name\":\"process.args.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.args\"}}},{\"name\":\"process.cmd\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.cmd.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.cmd\"}}},{\"name\":\"process.cmd.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.cmd\"}}},{\"name\":\"process.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.command_line\"}}},{\"name\":\"process.command_line.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.command_line\"}}},{\"name\":\"process.egroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.egroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.egroup\"}}},{\"name\":\"process.egroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.egroup\"}}},{\"name\":\"process.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.entity_id\"}}},{\"name\":\"process.entity_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.entity_id\"}}},{\"name\":\"process.euser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.euser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.euser\"}}},{\"name\":\"process.euser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.euser\"}}},{\"name\":\"process.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.executable\"}}},{\"name\":\"process.executable.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.executable\"}}},{\"name\":\"process.fgroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.fgroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.fgroup\"}}},{\"name\":\"process.fgroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.fgroup\"}}},{\"name\":\"process.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.name\"}}},{\"name\":\"process.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.name\"}}},{\"name\":\"process.nice\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.nice.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.nice\"}}},{\"name\":\"process.nice.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.nice\"}}},{\"name\":\"process.nlwp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.nlwp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.nlwp\"}}},{\"name\":\"process.nlwp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.nlwp\"}}},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.command_line\"}}},{\"name\":\"process.parent.command_line.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.command_line\"}}},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.entity_id\"}}},{\"name\":\"process.parent.entity_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.entity_id\"}}},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.executable\"}}},{\"name\":\"process.parent.executable.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.executable\"}}},{\"name\":\"process.pe.company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.company\"}}},{\"name\":\"process.pe.company.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.company\"}}},{\"name\":\"process.pe.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.description\"}}},{\"name\":\"process.pe.description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.description\"}}},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.file_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.file_version\"}}},{\"name\":\"process.pe.file_version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.file_version\"}}},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.original_file_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.original_file_name\"}}},{\"name\":\"process.pe.original_file_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.original_file_name\"}}},{\"name\":\"process.pe.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.product\"}}},{\"name\":\"process.pe.product.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.product\"}}},{\"name\":\"process.pgrp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pgrp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pgrp\"}}},{\"name\":\"process.pgrp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pgrp\"}}},{\"name\":\"process.pid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pid\"}}},{\"name\":\"process.pid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pid\"}}},{\"name\":\"process.ppid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.ppid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.ppid\"}}},{\"name\":\"process.ppid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.ppid\"}}},{\"name\":\"process.priority\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.priority.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.priority\"}}},{\"name\":\"process.priority.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.priority\"}}},{\"name\":\"process.processor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.processor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.processor\"}}},{\"name\":\"process.processor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.processor\"}}},{\"name\":\"process.resident\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.resident.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.resident\"}}},{\"name\":\"process.resident.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.resident\"}}},{\"name\":\"process.rgroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.rgroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.rgroup\"}}},{\"name\":\"process.rgroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.rgroup\"}}},{\"name\":\"process.ruser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.ruser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.ruser\"}}},{\"name\":\"process.ruser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.ruser\"}}},{\"name\":\"process.session\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.session.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.session\"}}},{\"name\":\"process.session.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.session\"}}},{\"name\":\"process.sgroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.sgroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.sgroup\"}}},{\"name\":\"process.sgroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.sgroup\"}}},{\"name\":\"process.share\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.share.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.share\"}}},{\"name\":\"process.share.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.share\"}}},{\"name\":\"process.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.size\"}}},{\"name\":\"process.size.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.size\"}}},{\"name\":\"process.start_time\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.start_time.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.start_time\"}}},{\"name\":\"process.start_time.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.start_time\"}}},{\"name\":\"process.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.state\"}}},{\"name\":\"process.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.state\"}}},{\"name\":\"process.stime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.stime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.stime\"}}},{\"name\":\"process.stime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.stime\"}}},{\"name\":\"process.suser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.suser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.suser\"}}},{\"name\":\"process.suser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.suser\"}}},{\"name\":\"process.tgid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.tgid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.tgid\"}}},{\"name\":\"process.tgid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.tgid\"}}},{\"name\":\"process.tty\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.tty.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.tty\"}}},{\"name\":\"process.tty.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.tty\"}}},{\"name\":\"process.utime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.utime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.utime\"}}},{\"name\":\"process.utime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.utime\"}}},{\"name\":\"process.vm_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.vm_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.vm_size\"}}},{\"name\":\"process.vm_size.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.vm_size\"}}},{\"name\":\"process.working_directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.working_directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.working_directory\"}}},{\"name\":\"process.working_directory.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.working_directory\"}}},{\"name\":\"radius.framed_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.framed_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.framed_address\"}}},{\"name\":\"radius.framed_address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"radius.framed_address\"}}},{\"name\":\"radius.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.reply_message\"}}},{\"name\":\"radius.reply_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"radius.reply_message\"}}},{\"name\":\"radius.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.result\"}}},{\"name\":\"radius.result.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"radius.result\"}}},{\"name\":\"rdp.certificate_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_permanent\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.certificate_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.certificate_type\"}}},{\"name\":\"rdp.certificate_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.certificate_type\"}}},{\"name\":\"rdp.client_build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.client_build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.client_build\"}}},{\"name\":\"rdp.client_build.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.client_build\"}}},{\"name\":\"rdp.cookie\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.cookie.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.cookie\"}}},{\"name\":\"rdp.cookie.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.cookie\"}}},{\"name\":\"rdp.desktop.height\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.desktop.width\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.encryption_level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_level\"}}},{\"name\":\"rdp.encryption_level.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_level\"}}},{\"name\":\"rdp.encryption_method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_method\"}}},{\"name\":\"rdp.encryption_method.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_method\"}}},{\"name\":\"rdp.keyboard_layout\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.keyboard_layout.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.keyboard_layout\"}}},{\"name\":\"rdp.keyboard_layout.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.keyboard_layout\"}}},{\"name\":\"rdp.requested_color_depth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.requested_color_depth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.requested_color_depth\"}}},{\"name\":\"rdp.requested_color_depth.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.requested_color_depth\"}}},{\"name\":\"rdp.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.result\"}}},{\"name\":\"rdp.result.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.result\"}}},{\"name\":\"rdp.security_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.security_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.security_protocol\"}}},{\"name\":\"rdp.security_protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.security_protocol\"}}},{\"name\":\"request.attributes.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.attributes.filename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.attributes.filename\"}}},{\"name\":\"request.attributes.filename.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.attributes.filename\"}}},{\"name\":\"request.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.client\"}}},{\"name\":\"request.client.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.client\"}}},{\"name\":\"request.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.id\"}}},{\"name\":\"request.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.id\"}}},{\"name\":\"request.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.source.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.source\"}}},{\"name\":\"request.source.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.source\"}}},{\"name\":\"request.time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.action\"}}},{\"name\":\"rule.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.action\"}}},{\"name\":\"rule.author\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.author.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.author\"}}},{\"name\":\"rule.author.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.author\"}}},{\"name\":\"rule.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.category\"}}},{\"name\":\"rule.category.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.category\"}}},{\"name\":\"rule.date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.date\"}}},{\"name\":\"rule.date.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.date\"}}},{\"name\":\"rule.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.description\"}}},{\"name\":\"rule.description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.description\"}}},{\"name\":\"rule.filetype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.filetype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.filetype\"}}},{\"name\":\"rule.filetype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.filetype\"}}},{\"name\":\"rule.firedtimes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gdpr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gdpr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gdpr\"}}},{\"name\":\"rule.gdpr.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.gdpr\"}}},{\"name\":\"rule.gid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gpg13\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gpg13.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gpg13\"}}},{\"name\":\"rule.gpg13.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.gpg13\"}}},{\"name\":\"rule.groups\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.groups.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.groups\"}}},{\"name\":\"rule.groups.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.groups\"}}},{\"name\":\"rule.hash1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.hash1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.hash1\"}}},{\"name\":\"rule.hash1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.hash1\"}}},{\"name\":\"rule.hipaa\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.hipaa.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.hipaa\"}}},{\"name\":\"rule.hipaa.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.hipaa\"}}},{\"name\":\"rule.info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.info\"}}},{\"name\":\"rule.info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.info\"}}},{\"name\":\"rule.level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.mail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.maltype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.maltype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.maltype\"}}},{\"name\":\"rule.maltype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.maltype\"}}},{\"name\":\"rule.metadata.affected_product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.affected_product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.affected_product\"}}},{\"name\":\"rule.metadata.affected_product.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.affected_product\"}}},{\"name\":\"rule.metadata.attack_target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.attack_target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.attack_target\"}}},{\"name\":\"rule.metadata.attack_target.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.attack_target\"}}},{\"name\":\"rule.metadata.created_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.created_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.created_at\"}}},{\"name\":\"rule.metadata.created_at.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.created_at\"}}},{\"name\":\"rule.metadata.deployment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.deployment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.deployment\"}}},{\"name\":\"rule.metadata.deployment.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.deployment\"}}},{\"name\":\"rule.metadata.former_category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.former_category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.former_category\"}}},{\"name\":\"rule.metadata.former_category.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.former_category\"}}},{\"name\":\"rule.metadata.malware_family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.malware_family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.malware_family\"}}},{\"name\":\"rule.metadata.malware_family.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.malware_family\"}}},{\"name\":\"rule.metadata.performance_impact\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.performance_impact.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.performance_impact\"}}},{\"name\":\"rule.metadata.performance_impact.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.performance_impact\"}}},{\"name\":\"rule.metadata.signature_severity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.signature_severity.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.signature_severity\"}}},{\"name\":\"rule.metadata.signature_severity.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.signature_severity\"}}},{\"name\":\"rule.metadata.tag\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.tag.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.tag\"}}},{\"name\":\"rule.metadata.tag.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.tag\"}}},{\"name\":\"rule.metadata.updated_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.updated_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.updated_at\"}}},{\"name\":\"rule.metadata.updated_at.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.updated_at\"}}},{\"name\":\"rule.mitre.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.mitre.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.id\"}}},{\"name\":\"rule.mitre.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.id\"}}},{\"name\":\"rule.mitre.tactic\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.mitre.tactic.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.tactic\"}}},{\"name\":\"rule.mitre.tactic.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.tactic\"}}},{\"name\":\"rule.mitre.technique\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.mitre.technique.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.technique\"}}},{\"name\":\"rule.mitre.technique.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.technique\"}}},{\"name\":\"rule.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.name\"}}},{\"name\":\"rule.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.name\"}}},{\"name\":\"rule.nist_800_53\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.nist_800_53.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.nist_800_53\"}}},{\"name\":\"rule.nist_800_53.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.nist_800_53\"}}},{\"name\":\"rule.pci_dss\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.pci_dss.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.pci_dss\"}}},{\"name\":\"rule.pci_dss.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.pci_dss\"}}},{\"name\":\"rule.reference\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.reference.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.reference\"}}},{\"name\":\"rule.reference.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.reference\"}}},{\"name\":\"rule.rev\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.rule\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.rule.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.rule\"}}},{\"name\":\"rule.rule.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.rule\"}}},{\"name\":\"rule.ruleset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.ruleset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.ruleset\"}}},{\"name\":\"rule.ruleset.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.ruleset\"}}},{\"name\":\"rule.score\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.tsc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.tsc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.tsc\"}}},{\"name\":\"rule.tsc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.tsc\"}}},{\"name\":\"rule.uuid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.entropy.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.entropy.entropy\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.exiftool.About\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.About.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.About\"}}},{\"name\":\"scan.exiftool.About.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.About\"}}},{\"name\":\"scan.exiftool.AppVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.AppVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.AppVersion\"}}},{\"name\":\"scan.exiftool.AppVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.AppVersion\"}}},{\"name\":\"scan.exiftool.Author\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Author.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Author\"}}},{\"name\":\"scan.exiftool.Author.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Author\"}}},{\"name\":\"scan.exiftool.BitDepth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.BitDepth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BitDepth\"}}},{\"name\":\"scan.exiftool.BitDepth.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BitDepth\"}}},{\"name\":\"scan.exiftool.BuildID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.BuildID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BuildID\"}}},{\"name\":\"scan.exiftool.BuildID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BuildID\"}}},{\"name\":\"scan.exiftool.CharCountWithSpaces\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CharCountWithSpaces.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharCountWithSpaces\"}}},{\"name\":\"scan.exiftool.CharCountWithSpaces.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharCountWithSpaces\"}}},{\"name\":\"scan.exiftool.CharacterSet\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CharacterSet.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharacterSet\"}}},{\"name\":\"scan.exiftool.CharacterSet.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharacterSet\"}}},{\"name\":\"scan.exiftool.Characters\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Characters.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Characters\"}}},{\"name\":\"scan.exiftool.Characters.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Characters\"}}},{\"name\":\"scan.exiftool.CodePage\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CodePage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodePage\"}}},{\"name\":\"scan.exiftool.CodePage.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodePage\"}}},{\"name\":\"scan.exiftool.CodeSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CodeSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodeSize\"}}},{\"name\":\"scan.exiftool.CodeSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodeSize\"}}},{\"name\":\"scan.exiftool.ColorType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ColorType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ColorType\"}}},{\"name\":\"scan.exiftool.ColorType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ColorType\"}}},{\"name\":\"scan.exiftool.Comments\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Comments.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Comments\"}}},{\"name\":\"scan.exiftool.Comments.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Comments\"}}},{\"name\":\"scan.exiftool.CompObjUserType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompObjUserType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserType\"}}},{\"name\":\"scan.exiftool.CompObjUserType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserType\"}}},{\"name\":\"scan.exiftool.CompObjUserTypeLen\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompObjUserTypeLen.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserTypeLen\"}}},{\"name\":\"scan.exiftool.CompObjUserTypeLen.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserTypeLen\"}}},{\"name\":\"scan.exiftool.Company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Company\"}}},{\"name\":\"scan.exiftool.Company.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Company\"}}},{\"name\":\"scan.exiftool.CompanyName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompanyName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompanyName\"}}},{\"name\":\"scan.exiftool.CompanyName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompanyName\"}}},{\"name\":\"scan.exiftool.Compression\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Compression.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Compression\"}}},{\"name\":\"scan.exiftool.Compression.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Compression\"}}},{\"name\":\"scan.exiftool.CreateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CreateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreateDate\"}}},{\"name\":\"scan.exiftool.CreateDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreateDate\"}}},{\"name\":\"scan.exiftool.Creator\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Creator.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Creator\"}}},{\"name\":\"scan.exiftool.Creator.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Creator\"}}},{\"name\":\"scan.exiftool.CreatorTool\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CreatorTool.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreatorTool\"}}},{\"name\":\"scan.exiftool.CreatorTool.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreatorTool\"}}},{\"name\":\"scan.exiftool.DerivedFromDocumentID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DerivedFromDocumentID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromDocumentID\"}}},{\"name\":\"scan.exiftool.DerivedFromDocumentID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromDocumentID\"}}},{\"name\":\"scan.exiftool.DerivedFromInstanceID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DerivedFromInstanceID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromInstanceID\"}}},{\"name\":\"scan.exiftool.DerivedFromInstanceID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromInstanceID\"}}},{\"name\":\"scan.exiftool.Directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Directory\"}}},{\"name\":\"scan.exiftool.Directory.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Directory\"}}},{\"name\":\"scan.exiftool.DocumentID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DocumentID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DocumentID\"}}},{\"name\":\"scan.exiftool.DocumentID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DocumentID\"}}},{\"name\":\"scan.exiftool.EntryPoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.EntryPoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.EntryPoint\"}}},{\"name\":\"scan.exiftool.EntryPoint.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.EntryPoint\"}}},{\"name\":\"scan.exiftool.Error\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Error.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Error\"}}},{\"name\":\"scan.exiftool.Error.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Error\"}}},{\"name\":\"scan.exiftool.ExifToolVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ExifToolVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ExifToolVersion\"}}},{\"name\":\"scan.exiftool.ExifToolVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ExifToolVersion\"}}},{\"name\":\"scan.exiftool.FileAccessDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileAccessDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileAccessDate\"}}},{\"name\":\"scan.exiftool.FileAccessDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileAccessDate\"}}},{\"name\":\"scan.exiftool.FileDescription\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileDescription.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileDescription\"}}},{\"name\":\"scan.exiftool.FileDescription.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileDescription\"}}},{\"name\":\"scan.exiftool.FileFlags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileFlags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlags\"}}},{\"name\":\"scan.exiftool.FileFlags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlags\"}}},{\"name\":\"scan.exiftool.FileFlagsMask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileFlagsMask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlagsMask\"}}},{\"name\":\"scan.exiftool.FileFlagsMask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlagsMask\"}}},{\"name\":\"scan.exiftool.FileInodeChangeDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileInodeChangeDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileInodeChangeDate\"}}},{\"name\":\"scan.exiftool.FileInodeChangeDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileInodeChangeDate\"}}},{\"name\":\"scan.exiftool.FileModifyDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileModifyDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileModifyDate\"}}},{\"name\":\"scan.exiftool.FileModifyDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileModifyDate\"}}},{\"name\":\"scan.exiftool.FileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileName\"}}},{\"name\":\"scan.exiftool.FileName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileName\"}}},{\"name\":\"scan.exiftool.FileOS\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileOS.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileOS\"}}},{\"name\":\"scan.exiftool.FileOS.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileOS\"}}},{\"name\":\"scan.exiftool.FilePermissions\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FilePermissions.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FilePermissions\"}}},{\"name\":\"scan.exiftool.FilePermissions.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FilePermissions\"}}},{\"name\":\"scan.exiftool.FileSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSize\"}}},{\"name\":\"scan.exiftool.FileSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSize\"}}},{\"name\":\"scan.exiftool.FileSubtype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileSubtype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSubtype\"}}},{\"name\":\"scan.exiftool.FileSubtype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSubtype\"}}},{\"name\":\"scan.exiftool.FileType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileType\"}}},{\"name\":\"scan.exiftool.FileType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileType\"}}},{\"name\":\"scan.exiftool.FileTypeExtension\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileTypeExtension.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileTypeExtension\"}}},{\"name\":\"scan.exiftool.FileTypeExtension.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileTypeExtension\"}}},{\"name\":\"scan.exiftool.FileVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersion\"}}},{\"name\":\"scan.exiftool.FileVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersion\"}}},{\"name\":\"scan.exiftool.FileVersionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileVersionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersionNumber\"}}},{\"name\":\"scan.exiftool.FileVersionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersionNumber\"}}},{\"name\":\"scan.exiftool.Filter\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Filter.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Filter\"}}},{\"name\":\"scan.exiftool.Filter.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Filter\"}}},{\"name\":\"scan.exiftool.Format\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Format.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Format\"}}},{\"name\":\"scan.exiftool.Format.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Format\"}}},{\"name\":\"scan.exiftool.HasXFA\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HasXFA.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HasXFA\"}}},{\"name\":\"scan.exiftool.HasXFA.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HasXFA\"}}},{\"name\":\"scan.exiftool.HeadingPairs\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HeadingPairs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HeadingPairs\"}}},{\"name\":\"scan.exiftool.HeadingPairs.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HeadingPairs\"}}},{\"name\":\"scan.exiftool.HyperlinksChanged\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HyperlinksChanged.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HyperlinksChanged\"}}},{\"name\":\"scan.exiftool.HyperlinksChanged.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HyperlinksChanged\"}}},{\"name\":\"scan.exiftool.ImageHeight\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageHeight.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageHeight\"}}},{\"name\":\"scan.exiftool.ImageHeight.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageHeight\"}}},{\"name\":\"scan.exiftool.ImageSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageSize\"}}},{\"name\":\"scan.exiftool.ImageSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageSize\"}}},{\"name\":\"scan.exiftool.ImageVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageVersion\"}}},{\"name\":\"scan.exiftool.ImageVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageVersion\"}}},{\"name\":\"scan.exiftool.ImageWidth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageWidth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageWidth\"}}},{\"name\":\"scan.exiftool.ImageWidth.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageWidth\"}}},{\"name\":\"scan.exiftool.InitializedDataSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InitializedDataSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InitializedDataSize\"}}},{\"name\":\"scan.exiftool.InitializedDataSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InitializedDataSize\"}}},{\"name\":\"scan.exiftool.InstanceID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InstanceID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InstanceID\"}}},{\"name\":\"scan.exiftool.InstanceID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InstanceID\"}}},{\"name\":\"scan.exiftool.Interlace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Interlace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Interlace\"}}},{\"name\":\"scan.exiftool.Interlace.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Interlace\"}}},{\"name\":\"scan.exiftool.InternalName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InternalName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InternalName\"}}},{\"name\":\"scan.exiftool.InternalName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InternalName\"}}},{\"name\":\"scan.exiftool.Keywords\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Keywords.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Keywords\"}}},{\"name\":\"scan.exiftool.Keywords.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Keywords\"}}},{\"name\":\"scan.exiftool.Language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Language\"}}},{\"name\":\"scan.exiftool.Language.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Language\"}}},{\"name\":\"scan.exiftool.LanguageCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LanguageCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LanguageCode\"}}},{\"name\":\"scan.exiftool.LanguageCode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LanguageCode\"}}},{\"name\":\"scan.exiftool.LastModifiedBy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LastModifiedBy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LastModifiedBy\"}}},{\"name\":\"scan.exiftool.LastModifiedBy.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LastModifiedBy\"}}},{\"name\":\"scan.exiftool.LegalCopyright\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LegalCopyright.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalCopyright\"}}},{\"name\":\"scan.exiftool.LegalCopyright.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalCopyright\"}}},{\"name\":\"scan.exiftool.LegalTrademarks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LegalTrademarks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalTrademarks\"}}},{\"name\":\"scan.exiftool.LegalTrademarks.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalTrademarks\"}}},{\"name\":\"scan.exiftool.Linearized\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Linearized.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Linearized\"}}},{\"name\":\"scan.exiftool.Linearized.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Linearized\"}}},{\"name\":\"scan.exiftool.Lines\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Lines.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Lines\"}}},{\"name\":\"scan.exiftool.Lines.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Lines\"}}},{\"name\":\"scan.exiftool.LinkerVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LinkerVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinkerVersion\"}}},{\"name\":\"scan.exiftool.LinkerVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinkerVersion\"}}},{\"name\":\"scan.exiftool.LinksUpToDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LinksUpToDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinksUpToDate\"}}},{\"name\":\"scan.exiftool.LinksUpToDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinksUpToDate\"}}},{\"name\":\"scan.exiftool.MIMEType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.MIMEType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MIMEType\"}}},{\"name\":\"scan.exiftool.MIMEType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MIMEType\"}}},{\"name\":\"scan.exiftool.MachineType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.MachineType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MachineType\"}}},{\"name\":\"scan.exiftool.MachineType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MachineType\"}}},{\"name\":\"scan.exiftool.Megapixels\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Megapixels.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Megapixels\"}}},{\"name\":\"scan.exiftool.Megapixels.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Megapixels\"}}},{\"name\":\"scan.exiftool.ModifyDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ModifyDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ModifyDate\"}}},{\"name\":\"scan.exiftool.ModifyDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ModifyDate\"}}},{\"name\":\"scan.exiftool.OSVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.OSVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OSVersion\"}}},{\"name\":\"scan.exiftool.OSVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OSVersion\"}}},{\"name\":\"scan.exiftool.ObjectFileType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ObjectFileType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ObjectFileType\"}}},{\"name\":\"scan.exiftool.ObjectFileType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ObjectFileType\"}}},{\"name\":\"scan.exiftool.OriginalFileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.OriginalFileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OriginalFileName\"}}},{\"name\":\"scan.exiftool.OriginalFileName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OriginalFileName\"}}},{\"name\":\"scan.exiftool.PDFVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PDFVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PDFVersion\"}}},{\"name\":\"scan.exiftool.PDFVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PDFVersion\"}}},{\"name\":\"scan.exiftool.PEType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PEType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PEType\"}}},{\"name\":\"scan.exiftool.PEType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PEType\"}}},{\"name\":\"scan.exiftool.PTEX_Fullbanner\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PTEX_Fullbanner.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PTEX_Fullbanner\"}}},{\"name\":\"scan.exiftool.PTEX_Fullbanner.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PTEX_Fullbanner\"}}},{\"name\":\"scan.exiftool.PageCount\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PageCount.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PageCount\"}}},{\"name\":\"scan.exiftool.PageCount.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PageCount\"}}},{\"name\":\"scan.exiftool.Pages\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Pages.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Pages\"}}},{\"name\":\"scan.exiftool.Pages.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Pages\"}}},{\"name\":\"scan.exiftool.Paragraphs\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Paragraphs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Paragraphs\"}}},{\"name\":\"scan.exiftool.Paragraphs.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Paragraphs\"}}},{\"name\":\"scan.exiftool.PrivateBuild\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PrivateBuild.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PrivateBuild\"}}},{\"name\":\"scan.exiftool.PrivateBuild.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PrivateBuild\"}}},{\"name\":\"scan.exiftool.Producer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Producer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Producer\"}}},{\"name\":\"scan.exiftool.Producer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Producer\"}}},{\"name\":\"scan.exiftool.ProductName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductName\"}}},{\"name\":\"scan.exiftool.ProductName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductName\"}}},{\"name\":\"scan.exiftool.ProductVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersion\"}}},{\"name\":\"scan.exiftool.ProductVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersion\"}}},{\"name\":\"scan.exiftool.ProductVersionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductVersionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersionNumber\"}}},{\"name\":\"scan.exiftool.ProductVersionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersionNumber\"}}},{\"name\":\"scan.exiftool.RevisionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.RevisionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.RevisionNumber\"}}},{\"name\":\"scan.exiftool.RevisionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.RevisionNumber\"}}},{\"name\":\"scan.exiftool.ScaleCrop\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ScaleCrop.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ScaleCrop\"}}},{\"name\":\"scan.exiftool.ScaleCrop.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ScaleCrop\"}}},{\"name\":\"scan.exiftool.Security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Security.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Security\"}}},{\"name\":\"scan.exiftool.Security.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Security\"}}},{\"name\":\"scan.exiftool.SharedDoc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SharedDoc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SharedDoc\"}}},{\"name\":\"scan.exiftool.SharedDoc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SharedDoc\"}}},{\"name\":\"scan.exiftool.Software\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Software.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Software\"}}},{\"name\":\"scan.exiftool.Software.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Software\"}}},{\"name\":\"scan.exiftool.SourceFile\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SourceFile.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SourceFile\"}}},{\"name\":\"scan.exiftool.SourceFile.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SourceFile\"}}},{\"name\":\"scan.exiftool.SpecialBuild\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SpecialBuild.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SpecialBuild\"}}},{\"name\":\"scan.exiftool.SpecialBuild.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SpecialBuild\"}}},{\"name\":\"scan.exiftool.Subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subject\"}}},{\"name\":\"scan.exiftool.Subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subject\"}}},{\"name\":\"scan.exiftool.Subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subsystem\"}}},{\"name\":\"scan.exiftool.Subsystem.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subsystem\"}}},{\"name\":\"scan.exiftool.SubsystemVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SubsystemVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SubsystemVersion\"}}},{\"name\":\"scan.exiftool.SubsystemVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SubsystemVersion\"}}},{\"name\":\"scan.exiftool.SvnRevision\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SvnRevision.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SvnRevision\"}}},{\"name\":\"scan.exiftool.SvnRevision.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SvnRevision\"}}},{\"name\":\"scan.exiftool.Template\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Template.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Template\"}}},{\"name\":\"scan.exiftool.Template.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Template\"}}},{\"name\":\"scan.exiftool.TimeStamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TimeStamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TimeStamp\"}}},{\"name\":\"scan.exiftool.TimeStamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TimeStamp\"}}},{\"name\":\"scan.exiftool.Title\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Title.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Title\"}}},{\"name\":\"scan.exiftool.Title.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Title\"}}},{\"name\":\"scan.exiftool.TitleOfParts\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TitleOfParts.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TitleOfParts\"}}},{\"name\":\"scan.exiftool.TitleOfParts.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TitleOfParts\"}}},{\"name\":\"scan.exiftool.TotalEditTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TotalEditTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TotalEditTime\"}}},{\"name\":\"scan.exiftool.TotalEditTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TotalEditTime\"}}},{\"name\":\"scan.exiftool.Trapped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Trapped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Trapped\"}}},{\"name\":\"scan.exiftool.Trapped.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Trapped\"}}},{\"name\":\"scan.exiftool.UninitializedDataSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.UninitializedDataSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.UninitializedDataSize\"}}},{\"name\":\"scan.exiftool.UninitializedDataSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.UninitializedDataSize\"}}},{\"name\":\"scan.exiftool.Warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Warning\"}}},{\"name\":\"scan.exiftool.Warning.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Warning\"}}},{\"name\":\"scan.exiftool.Words\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Words.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Words\"}}},{\"name\":\"scan.exiftool.Words.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Words\"}}},{\"name\":\"scan.exiftool.XMPToolkit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.XMPToolkit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.XMPToolkit\"}}},{\"name\":\"scan.exiftool.XMPToolkit.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.XMPToolkit\"}}},{\"name\":\"scan.exiftool.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.header.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.header.header\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.header.header.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.header.header\"}}},{\"name\":\"scan.header.header.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.header.header\"}}},{\"name\":\"scan.ini.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ini.keys.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.name\"}}},{\"name\":\"scan.ini.keys.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.name\"}}},{\"name\":\"scan.ini.keys.section\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.section.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.section\"}}},{\"name\":\"scan.ini.keys.section.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.section\"}}},{\"name\":\"scan.ini.keys.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.value\"}}},{\"name\":\"scan.ini.keys.value.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.value\"}}},{\"name\":\"scan.ini.sections\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.sections.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.sections\"}}},{\"name\":\"scan.ini.sections.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.sections\"}}},{\"name\":\"scan.libarchive.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.libarchive.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.libarchive.total.files\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.mmbot.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.mmbot.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.mmbot.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.mmbot.flags\"}}},{\"name\":\"scan.mmbot.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.mmbot.flags\"}}},{\"name\":\"scan.ocr.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ole.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ole.flags\"}}},{\"name\":\"scan.ole.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ole.flags\"}}},{\"name\":\"scan.ole.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.total.streams\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.total.objects\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.debug.age\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.debug.guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.guid\"}}},{\"name\":\"scan.pe.debug.guid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.guid\"}}},{\"name\":\"scan.pe.debug.pdb\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.pdb.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.pdb\"}}},{\"name\":\"scan.pe.debug.pdb.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.pdb\"}}},{\"name\":\"scan.pe.debug.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.type\"}}},{\"name\":\"scan.pe.debug.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.type\"}}},{\"name\":\"scan.pe.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.file_info.fixed.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.flags\"}}},{\"name\":\"scan.pe.file_info.fixed.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.flags\"}}},{\"name\":\"scan.pe.file_info.fixed.operating_systems\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.operating_systems.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.operating_systems\"}}},{\"name\":\"scan.pe.file_info.fixed.operating_systems.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.operating_systems\"}}},{\"name\":\"scan.pe.file_info.fixed.type.primary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.type.primary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.type.primary\"}}},{\"name\":\"scan.pe.file_info.fixed.type.primary.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.type.primary\"}}},{\"name\":\"scan.pe.file_info.string.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.string.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.name\"}}},{\"name\":\"scan.pe.file_info.string.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.name\"}}},{\"name\":\"scan.pe.file_info.string.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.string.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.value\"}}},{\"name\":\"scan.pe.file_info.string.value.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.value\"}}},{\"name\":\"scan.pe.file_info.var.character_set\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.var.character_set.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.character_set\"}}},{\"name\":\"scan.pe.file_info.var.character_set.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.character_set\"}}},{\"name\":\"scan.pe.file_info.var.language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.var.language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.language\"}}},{\"name\":\"scan.pe.file_info.var.language.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.language\"}}},{\"name\":\"scan.pe.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.flags\"}}},{\"name\":\"scan.pe.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.flags\"}}},{\"name\":\"scan.pe.header.address.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.data\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.entry_point\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.alignment.file\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.alignment.section\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.characteristics.dll\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.characteristics.dll.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.dll\"}}},{\"name\":\"scan.pe.header.characteristics.dll.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.dll\"}}},{\"name\":\"scan.pe.header.characteristics.image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.characteristics.image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.image\"}}},{\"name\":\"scan.pe.header.characteristics.image.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.image\"}}},{\"name\":\"scan.pe.header.checksum\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.machine.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.machine.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.machine.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.machine.type\"}}},{\"name\":\"scan.pe.header.machine.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.machine.type\"}}},{\"name\":\"scan.pe.header.magic.dos\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.magic.dos.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.dos\"}}},{\"name\":\"scan.pe.header.magic.dos.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.dos\"}}},{\"name\":\"scan.pe.header.magic.image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.magic.image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.image\"}}},{\"name\":\"scan.pe.header.magic.image.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.image\"}}},{\"name\":\"scan.pe.header.size.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.data.initialized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.data.uninitialized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.headers\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.heap.commit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.heap.reserve\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.stack.commit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.stack.reserve\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.subsystem\"}}},{\"name\":\"scan.pe.header.subsystem.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.subsystem\"}}},{\"name\":\"scan.pe.header.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.linker\",\"type\":\"number\",\"esTypes\":[\"float\",\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.operating_system\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.subsystem\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.imphash\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.imphash.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.imphash\"}}},{\"name\":\"scan.pe.imphash.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.imphash\"}}},{\"name\":\"scan.pe.resources.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.resources.language.primary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.language.primary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.primary\"}}},{\"name\":\"scan.pe.resources.language.primary.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.primary\"}}},{\"name\":\"scan.pe.resources.language.sub\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.language.sub.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.sub\"}}},{\"name\":\"scan.pe.resources.language.sub.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.sub\"}}},{\"name\":\"scan.pe.resources.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.name\"}}},{\"name\":\"scan.pe.resources.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.name\"}}},{\"name\":\"scan.pe.resources.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.type\"}}},{\"name\":\"scan.pe.resources.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.type\"}}},{\"name\":\"scan.pe.sections.address.physical\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.address.virtual\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.characteristics\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.sections.characteristics.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.characteristics\"}}},{\"name\":\"scan.pe.sections.characteristics.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.characteristics\"}}},{\"name\":\"scan.pe.sections.entropy\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.sections.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.name\"}}},{\"name\":\"scan.pe.sections.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.name\"}}},{\"name\":\"scan.pe.sections.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.symbols.exported\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.exported.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.exported\"}}},{\"name\":\"scan.pe.symbols.exported.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.exported\"}}},{\"name\":\"scan.pe.symbols.imported\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.imported.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.imported\"}}},{\"name\":\"scan.pe.symbols.imported.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.imported\"}}},{\"name\":\"scan.pe.symbols.libraries\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.libraries.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.libraries\"}}},{\"name\":\"scan.pe.symbols.libraries.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.libraries\"}}},{\"name\":\"scan.pe.symbols.table.address\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.symbols.table.library\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.library.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.library\"}}},{\"name\":\"scan.pe.symbols.table.library.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.library\"}}},{\"name\":\"scan.pe.symbols.table.symbol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.symbol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbol\"}}},{\"name\":\"scan.pe.symbols.table.symbol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbol\"}}},{\"name\":\"scan.pe.symbols.table.symbols\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.symbols.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbols\"}}},{\"name\":\"scan.pe.symbols.table.symbols.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbols\"}}},{\"name\":\"scan.pe.symbols.table.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.type\"}}},{\"name\":\"scan.pe.symbols.table.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.type\"}}},{\"name\":\"scan.pe.total.libraries\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.resources\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.sections\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.symbols\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.total.certificates\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.upx.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.url.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.url.urls\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.url.urls.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.url.urls\"}}},{\"name\":\"scan.url.urls.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.url.urls\"}}},{\"name\":\"scan.vb.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vb.functions\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.functions.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.functions\"}}},{\"name\":\"scan.vb.functions.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.functions\"}}},{\"name\":\"scan.vb.names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.names\"}}},{\"name\":\"scan.vb.names.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.names\"}}},{\"name\":\"scan.vb.operators\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.operators.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.operators\"}}},{\"name\":\"scan.vb.operators.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.operators\"}}},{\"name\":\"scan.vb.strings\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.strings.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.strings\"}}},{\"name\":\"scan.vb.strings.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.strings\"}}},{\"name\":\"scan.vb.tokens\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.tokens.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.tokens\"}}},{\"name\":\"scan.vb.tokens.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.tokens\"}}},{\"name\":\"scan.vba.auto_exec\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.auto_exec.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.auto_exec\"}}},{\"name\":\"scan.vba.auto_exec.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.auto_exec\"}}},{\"name\":\"scan.vba.base64\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.base64.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.base64\"}}},{\"name\":\"scan.vba.base64.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.base64\"}}},{\"name\":\"scan.vba.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vba.ioc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.ioc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.ioc\"}}},{\"name\":\"scan.vba.ioc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.ioc\"}}},{\"name\":\"scan.vba.suspicious\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.suspicious.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.suspicious\"}}},{\"name\":\"scan.vba.suspicious.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.suspicious\"}}},{\"name\":\"scan.vba.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vba.total.files\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.expired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.fingerprint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.fingerprint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.fingerprint\"}}},{\"name\":\"scan.x509.fingerprint.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.fingerprint\"}}},{\"name\":\"scan.x509.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.issuer\"}}},{\"name\":\"scan.x509.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.issuer\"}}},{\"name\":\"scan.x509.not_after\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.not_before\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.serial_number\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.serial_number.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.serial_number\"}}},{\"name\":\"scan.x509.serial_number.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.serial_number\"}}},{\"name\":\"scan.x509.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.subject\"}}},{\"name\":\"scan.x509.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.subject\"}}},{\"name\":\"scan.x509.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.namespaces\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.namespaces.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.namespaces\"}}},{\"name\":\"scan.xml.namespaces.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.xml.namespaces\"}}},{\"name\":\"scan.xml.tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.tags\"}}},{\"name\":\"scan.xml.tags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.xml.tags\"}}},{\"name\":\"scan.xml.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.total.tags\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.version\"}}},{\"name\":\"scan.xml.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.xml.version\"}}},{\"name\":\"scan.yara.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.yara.matches\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.matches.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.matches\"}}},{\"name\":\"scan.yara.matches.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.yara.matches\"}}},{\"name\":\"server.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.address\"}}},{\"name\":\"server.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"server.address\"}}},{\"name\":\"server.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.port\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.reply_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.reply_message\"}}},{\"name\":\"server.reply_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"server.reply_message\"}}},{\"name\":\"server.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.status_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.status_message\"}}},{\"name\":\"server.status_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"server.status_message\"}}},{\"name\":\"sip.call_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.call_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.call_id\"}}},{\"name\":\"sip.call_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.call_id\"}}},{\"name\":\"sip.content_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.content_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.content_type\"}}},{\"name\":\"sip.content_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.content_type\"}}},{\"name\":\"sip.date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.date\"}}},{\"name\":\"sip.date.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.date\"}}},{\"name\":\"sip.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.method\"}}},{\"name\":\"sip.method.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.method\"}}},{\"name\":\"sip.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.request.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.from\"}}},{\"name\":\"sip.request.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.request.from\"}}},{\"name\":\"sip.request.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.path\"}}},{\"name\":\"sip.request.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.request.path\"}}},{\"name\":\"sip.request.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.to\"}}},{\"name\":\"sip.request.to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.request.to\"}}},{\"name\":\"sip.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.response.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.from\"}}},{\"name\":\"sip.response.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.response.from\"}}},{\"name\":\"sip.response.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.path\"}}},{\"name\":\"sip.response.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.response.path\"}}},{\"name\":\"sip.response.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.to\"}}},{\"name\":\"sip.response.to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.response.to\"}}},{\"name\":\"sip.seq\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.seq.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.seq\"}}},{\"name\":\"sip.seq.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.seq\"}}},{\"name\":\"sip.transaction.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.uri\"}}},{\"name\":\"sip.uri.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.uri\"}}},{\"name\":\"sip.warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.warning\"}}},{\"name\":\"sip.warning.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.warning\"}}},{\"name\":\"smb.file_system\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.file_system.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.file_system\"}}},{\"name\":\"smb.file_system.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.file_system\"}}},{\"name\":\"smb.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.path\"}}},{\"name\":\"smb.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.path\"}}},{\"name\":\"smb.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.service\"}}},{\"name\":\"smb.service.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.service\"}}},{\"name\":\"smb.share_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.share_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.share_type\"}}},{\"name\":\"smb.share_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.share_type\"}}},{\"name\":\"smtp.cc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.cc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.cc\"}}},{\"name\":\"smtp.cc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.cc\"}}},{\"name\":\"smtp.first_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.first_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.first_received\"}}},{\"name\":\"smtp.first_received.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.first_received\"}}},{\"name\":\"smtp.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.from\"}}},{\"name\":\"smtp.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.from\"}}},{\"name\":\"smtp.helo\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.helo.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.helo\"}}},{\"name\":\"smtp.helo.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.helo\"}}},{\"name\":\"smtp.in_reply_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.in_reply_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.in_reply_to\"}}},{\"name\":\"smtp.in_reply_to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.in_reply_to\"}}},{\"name\":\"smtp.is_webmail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.last_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.last_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.last_reply\"}}},{\"name\":\"smtp.last_reply.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.last_reply\"}}},{\"name\":\"smtp.mail_date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_date\"}}},{\"name\":\"smtp.mail_date.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_date\"}}},{\"name\":\"smtp.mail_from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_from\"}}},{\"name\":\"smtp.mail_from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_from\"}}},{\"name\":\"smtp.message_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.message_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.message_id\"}}},{\"name\":\"smtp.message_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.message_id\"}}},{\"name\":\"smtp.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.path\"}}},{\"name\":\"smtp.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.path\"}}},{\"name\":\"smtp.recipient_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.recipient_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.recipient_to\"}}},{\"name\":\"smtp.recipient_to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.recipient_to\"}}},{\"name\":\"smtp.second_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.second_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.second_received\"}}},{\"name\":\"smtp.second_received.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.second_received\"}}},{\"name\":\"smtp.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.subject\"}}},{\"name\":\"smtp.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.subject\"}}},{\"name\":\"smtp.tls\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.to\"}}},{\"name\":\"smtp.to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.to\"}}},{\"name\":\"smtp.transaction_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.useragent\"}}},{\"name\":\"smtp.useragent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.useragent\"}}},{\"name\":\"snmp.community\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.community.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.community\"}}},{\"name\":\"snmp.community.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.community\"}}},{\"name\":\"snmp.display_string\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.display_string.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.display_string\"}}},{\"name\":\"snmp.display_string.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.display_string\"}}},{\"name\":\"snmp.get.bulk_requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.get.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.get.responses\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.set.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.up_since\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.up_since.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.up_since\"}}},{\"name\":\"snmp.up_since.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.up_since\"}}},{\"name\":\"snmp.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.version\"}}},{\"name\":\"snmp.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.version\"}}},{\"name\":\"socks.bound.host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.bound.host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.bound.host\"}}},{\"name\":\"socks.bound.host.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.bound.host\"}}},{\"name\":\"socks.bound.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.request.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.request.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.request.name\"}}},{\"name\":\"socks.request.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.request.name\"}}},{\"name\":\"socks.request.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.status\"}}},{\"name\":\"socks.status.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.status\"}}},{\"name\":\"socks.user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.user\"}}},{\"name\":\"socks.user.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.user\"}}},{\"name\":\"socks.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.name\"}}},{\"name\":\"software.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.name\"}}},{\"name\":\"software.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.type\"}}},{\"name\":\"software.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.type\"}}},{\"name\":\"software.version.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.additional_info\"}}},{\"name\":\"software.version.additional_info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.version.additional_info\"}}},{\"name\":\"software.version.major\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor2\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.unparsed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.unparsed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.unparsed\"}}},{\"name\":\"software.version.unparsed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.version.unparsed\"}}},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.city_name\"}}},{\"name\":\"source.geo.city_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.city_name\"}}},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.continent_name\"}}},{\"name\":\"source.geo.continent_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.continent_name\"}}},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_iso_code\"}}},{\"name\":\"source.geo.country_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_iso_code\"}}},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_name\"}}},{\"name\":\"source.geo.country_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_name\"}}},{\"name\":\"source.geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_iso_code\"}}},{\"name\":\"source.geo.region_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_iso_code\"}}},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_name\"}}},{\"name\":\"source.geo.region_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_name\"}}},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.timezone\"}}},{\"name\":\"source.geo.timezone.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.timezone\"}}},{\"name\":\"source.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.hostname\"}}},{\"name\":\"source.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.hostname\"}}},{\"name\":\"source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.attempts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.cipher_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.cipher_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.cipher_algorithm\"}}},{\"name\":\"ssh.cipher_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.cipher_algorithm\"}}},{\"name\":\"ssh.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client\"}}},{\"name\":\"ssh.client.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.client\"}}},{\"name\":\"ssh.client_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client_host_key_algorithms\"}}},{\"name\":\"ssh.client_host_key_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.client_host_key_algorithms\"}}},{\"name\":\"ssh.compression_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.compression_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.compression_algorithm\"}}},{\"name\":\"ssh.compression_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.compression_algorithm\"}}},{\"name\":\"ssh.direction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.direction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.direction\"}}},{\"name\":\"ssh.direction.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.direction\"}}},{\"name\":\"ssh.hassh_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_algorithms\"}}},{\"name\":\"ssh.hassh_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_algorithms\"}}},{\"name\":\"ssh.hassh_server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server\"}}},{\"name\":\"ssh.hassh_server.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server\"}}},{\"name\":\"ssh.hassh_server_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server_algorithms\"}}},{\"name\":\"ssh.hassh_server_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server_algorithms\"}}},{\"name\":\"ssh.hassh_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_version\"}}},{\"name\":\"ssh.hassh_version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_version\"}}},{\"name\":\"ssh.host_key\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key\"}}},{\"name\":\"ssh.host_key.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key\"}}},{\"name\":\"ssh.host_key_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key_algorithm\"}}},{\"name\":\"ssh.host_key_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key_algorithm\"}}},{\"name\":\"ssh.kex_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.kex_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.kex_algorithm\"}}},{\"name\":\"ssh.kex_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.kex_algorithm\"}}},{\"name\":\"ssh.mac_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.mac_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.mac_algorithm\"}}},{\"name\":\"ssh.mac_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.mac_algorithm\"}}},{\"name\":\"ssh.server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server\"}}},{\"name\":\"ssh.server.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.server\"}}},{\"name\":\"ssh.server_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server_host_key_algorithms\"}}},{\"name\":\"ssh.server_host_key_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.server_host_key_algorithms\"}}},{\"name\":\"ssh.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.chain_fuids\"}}},{\"name\":\"ssl.certificate.chain_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.chain_fuids\"}}},{\"name\":\"ssl.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.issuer\"}}},{\"name\":\"ssl.certificate.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.issuer\"}}},{\"name\":\"ssl.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.subject\"}}},{\"name\":\"ssl.certificate.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.subject\"}}},{\"name\":\"ssl.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.cipher\"}}},{\"name\":\"ssl.cipher.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.cipher\"}}},{\"name\":\"ssl.client.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.certificate.chain_fuids\"}}},{\"name\":\"ssl.client.certificate.chain_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.client.certificate.chain_fuids\"}}},{\"name\":\"ssl.client.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.issuer\"}}},{\"name\":\"ssl.client.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.client.issuer\"}}},{\"name\":\"ssl.client.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.subject\"}}},{\"name\":\"ssl.client.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.client.subject\"}}},{\"name\":\"ssl.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.curve\"}}},{\"name\":\"ssl.curve.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.curve\"}}},{\"name\":\"ssl.established\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.last_alert\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.last_alert.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.last_alert\"}}},{\"name\":\"ssl.last_alert.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.last_alert\"}}},{\"name\":\"ssl.next_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.next_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.next_protocol\"}}},{\"name\":\"ssl.next_protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.next_protocol\"}}},{\"name\":\"ssl.resumed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.server_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.server_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.server_name\"}}},{\"name\":\"ssl.server_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.server_name\"}}},{\"name\":\"ssl.validation_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.validation_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.validation_status\"}}},{\"name\":\"ssl.validation_status.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.validation_status\"}}},{\"name\":\"ssl.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.version\"}}},{\"name\":\"ssl.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.version\"}}},{\"name\":\"syslog.facility_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.facility_label.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.facility_label\"}}},{\"name\":\"syslog.facility_label.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"syslog.facility_label\"}}},{\"name\":\"syslog.severity_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.severity_label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.severity_label\"}}},{\"name\":\"syslog.severity_label.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"syslog.severity_label\"}}},{\"name\":\"tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tags\"}}},{\"name\":\"tunnel.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tunnel.type\"}}},{\"name\":\"tunnel.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"tunnel.type\"}}},{\"name\":\"user.escalated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.escalated.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.escalated\"}}},{\"name\":\"user.escalated.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"user.escalated\"}}},{\"name\":\"user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"name\":\"user.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"name\":\"version.minor3\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.additional_info\"}}},{\"name\":\"weird.additional_info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"weird.additional_info\"}}},{\"name\":\"weird.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.name\"}}},{\"name\":\"weird.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"weird.name\"}}},{\"name\":\"weird.notice\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.peer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.peer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.peer\"}}},{\"name\":\"weird.peer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"weird.peer\"}}},{\"name\":\"winlog.activity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.activity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.activity_id\"}}},{\"name\":\"winlog.activity_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.activity_id\"}}},{\"name\":\"winlog.api\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.api.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.api\"}}},{\"name\":\"winlog.api.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.api\"}}},{\"name\":\"winlog.channel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.channel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.channel\"}}},{\"name\":\"winlog.channel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.channel\"}}},{\"name\":\"winlog.computer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.computer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.computer\"}}},{\"name\":\"winlog.computer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.computer\"}}},{\"name\":\"winlog.computer_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.computer_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.computer_name\"}}},{\"name\":\"winlog.computer_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.computer_name\"}}},{\"name\":\"winlog.eventRecordID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.eventRecordID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.eventRecordID\"}}},{\"name\":\"winlog.eventRecordID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.eventRecordID\"}}},{\"name\":\"winlog.eventSourceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.eventSourceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.eventSourceName\"}}},{\"name\":\"winlog.eventSourceName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.eventSourceName\"}}},{\"name\":\"winlog.event_data.AccessList\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.AccessList.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessList\"}}},{\"name\":\"winlog.event_data.AccessList.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessList\"}}},{\"name\":\"winlog.event_data.AccessMask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.AccessMask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessMask\"}}},{\"name\":\"winlog.event_data.AccessMask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessMask\"}}},{\"name\":\"winlog.event_data.Address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Address\"}}},{\"name\":\"winlog.event_data.Address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Address\"}}},{\"name\":\"winlog.event_data.AddressLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.AddressLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AddressLength\"}}},{\"name\":\"winlog.event_data.AddressLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AddressLength\"}}},{\"name\":\"winlog.event_data.Binary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Binary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Binary\"}}},{\"name\":\"winlog.event_data.Binary.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Binary\"}}},{\"name\":\"winlog.event_data.CreationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.CreationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.CreationUtcTime\"}}},{\"name\":\"winlog.event_data.CreationUtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.CreationUtcTime\"}}},{\"name\":\"winlog.event_data.DeviceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceName\"}}},{\"name\":\"winlog.event_data.DeviceName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceName\"}}},{\"name\":\"winlog.event_data.DeviceNameLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceNameLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceNameLength\"}}},{\"name\":\"winlog.event_data.DeviceNameLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceNameLength\"}}},{\"name\":\"winlog.event_data.DeviceTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceTime\"}}},{\"name\":\"winlog.event_data.DeviceTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceTime\"}}},{\"name\":\"winlog.event_data.DeviceVersionMajor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceVersionMajor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMajor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMajor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMajor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMinor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceVersionMinor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMinor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMinor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMinor\"}}},{\"name\":\"winlog.event_data.DirtyPages\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DirtyPages.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DirtyPages\"}}},{\"name\":\"winlog.event_data.DirtyPages.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DirtyPages\"}}},{\"name\":\"winlog.event_data.FileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.FileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FileName\"}}},{\"name\":\"winlog.event_data.FileName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FileName\"}}},{\"name\":\"winlog.event_data.FinalStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.FinalStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FinalStatus\"}}},{\"name\":\"winlog.event_data.FinalStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FinalStatus\"}}},{\"name\":\"winlog.event_data.HandleId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.HandleId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HandleId\"}}},{\"name\":\"winlog.event_data.HandleId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HandleId\"}}},{\"name\":\"winlog.event_data.Hashes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Hashes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Hashes\"}}},{\"name\":\"winlog.event_data.Hashes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Hashes\"}}},{\"name\":\"winlog.event_data.HiveName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.HiveName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveName\"}}},{\"name\":\"winlog.event_data.HiveName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveName\"}}},{\"name\":\"winlog.event_data.HiveNameLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.HiveNameLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveNameLength\"}}},{\"name\":\"winlog.event_data.HiveNameLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveNameLength\"}}},{\"name\":\"winlog.event_data.ImageLoaded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ImageLoaded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ImageLoaded\"}}},{\"name\":\"winlog.event_data.ImageLoaded.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ImageLoaded\"}}},{\"name\":\"winlog.event_data.IntegrityLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.IntegrityLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.IntegrityLevel\"}}},{\"name\":\"winlog.event_data.IntegrityLevel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.IntegrityLevel\"}}},{\"name\":\"winlog.event_data.KeysUpdated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.KeysUpdated.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.KeysUpdated\"}}},{\"name\":\"winlog.event_data.KeysUpdated.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.KeysUpdated\"}}},{\"name\":\"winlog.event_data.LinkName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LinkName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LinkName\"}}},{\"name\":\"winlog.event_data.LinkName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LinkName\"}}},{\"name\":\"winlog.event_data.LogonGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LogonGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonGuid\"}}},{\"name\":\"winlog.event_data.LogonGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonGuid\"}}},{\"name\":\"winlog.event_data.LogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonId\"}}},{\"name\":\"winlog.event_data.LogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonId\"}}},{\"name\":\"winlog.event_data.NewSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewSize\"}}},{\"name\":\"winlog.event_data.NewSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewSize\"}}},{\"name\":\"winlog.event_data.NewState\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewState.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewState\"}}},{\"name\":\"winlog.event_data.NewState.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewState\"}}},{\"name\":\"winlog.event_data.NewTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewTime\"}}},{\"name\":\"winlog.event_data.NewTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewTime\"}}},{\"name\":\"winlog.event_data.ObjectName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ObjectName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectName\"}}},{\"name\":\"winlog.event_data.ObjectName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectName\"}}},{\"name\":\"winlog.event_data.ObjectServer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ObjectServer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectServer\"}}},{\"name\":\"winlog.event_data.ObjectServer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectServer\"}}},{\"name\":\"winlog.event_data.ObjectType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ObjectType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectType\"}}},{\"name\":\"winlog.event_data.ObjectType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectType\"}}},{\"name\":\"winlog.event_data.OldTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.OldTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OldTime\"}}},{\"name\":\"winlog.event_data.OldTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OldTime\"}}},{\"name\":\"winlog.event_data.OriginalSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.OriginalSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OriginalSize\"}}},{\"name\":\"winlog.event_data.OriginalSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OriginalSize\"}}},{\"name\":\"winlog.event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.PreviousCreationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousCreationUtcTime\"}}},{\"name\":\"winlog.event_data.PreviousCreationUtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousCreationUtcTime\"}}},{\"name\":\"winlog.event_data.PreviousTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.PreviousTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousTime\"}}},{\"name\":\"winlog.event_data.PreviousTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousTime\"}}},{\"name\":\"winlog.event_data.ProcessID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessID\"}}},{\"name\":\"winlog.event_data.ProcessID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessID\"}}},{\"name\":\"winlog.event_data.ProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessId\"}}},{\"name\":\"winlog.event_data.ProcessId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessId\"}}},{\"name\":\"winlog.event_data.ProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessName\"}}},{\"name\":\"winlog.event_data.ProcessName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessName\"}}},{\"name\":\"winlog.event_data.QueryName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryName\"}}},{\"name\":\"winlog.event_data.QueryName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryName\"}}},{\"name\":\"winlog.event_data.QueryResults\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryResults.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryResults\"}}},{\"name\":\"winlog.event_data.QueryResults.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryResults\"}}},{\"name\":\"winlog.event_data.QueryStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryStatus\"}}},{\"name\":\"winlog.event_data.QueryStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryStatus\"}}},{\"name\":\"winlog.event_data.Reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Reason\"}}},{\"name\":\"winlog.event_data.Reason.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Reason\"}}},{\"name\":\"winlog.event_data.ResourceAttributes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ResourceAttributes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceAttributes\"}}},{\"name\":\"winlog.event_data.ResourceAttributes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceAttributes\"}}},{\"name\":\"winlog.event_data.ResourceManager\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ResourceManager.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceManager\"}}},{\"name\":\"winlog.event_data.ResourceManager.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceManager\"}}},{\"name\":\"winlog.event_data.RuleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.RuleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RuleName\"}}},{\"name\":\"winlog.event_data.RuleName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RuleName\"}}},{\"name\":\"winlog.event_data.Signature\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Signature.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signature\"}}},{\"name\":\"winlog.event_data.Signature.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signature\"}}},{\"name\":\"winlog.event_data.SignatureStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SignatureStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SignatureStatus\"}}},{\"name\":\"winlog.event_data.SignatureStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SignatureStatus\"}}},{\"name\":\"winlog.event_data.Signed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Signed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signed\"}}},{\"name\":\"winlog.event_data.Signed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signed\"}}},{\"name\":\"winlog.event_data.SubjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectDomainName\"}}},{\"name\":\"winlog.event_data.SubjectDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectDomainName\"}}},{\"name\":\"winlog.event_data.SubjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectLogonId\"}}},{\"name\":\"winlog.event_data.SubjectLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectLogonId\"}}},{\"name\":\"winlog.event_data.SubjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectUserSid\"}}},{\"name\":\"winlog.event_data.SubjectUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectUserSid\"}}},{\"name\":\"winlog.event_data.TerminalSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TerminalSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TerminalSessionId\"}}},{\"name\":\"winlog.event_data.TerminalSessionId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TerminalSessionId\"}}},{\"name\":\"winlog.event_data.TransactionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TransactionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TransactionId\"}}},{\"name\":\"winlog.event_data.TransactionId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TransactionId\"}}},{\"name\":\"winlog.event_data.UtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.UtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.UtcTime\"}}},{\"name\":\"winlog.event_data.UtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.UtcTime\"}}},{\"name\":\"winlog.event_data.authenticationPackageName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.authenticationPackageName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.authenticationPackageName\"}}},{\"name\":\"winlog.event_data.authenticationPackageName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.authenticationPackageName\"}}},{\"name\":\"winlog.event_data.callerProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.callerProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessId\"}}},{\"name\":\"winlog.event_data.callerProcessId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessId\"}}},{\"name\":\"winlog.event_data.callerProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.callerProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessName\"}}},{\"name\":\"winlog.event_data.callerProcessName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessName\"}}},{\"name\":\"winlog.event_data.clientProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.clientProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.clientProcessId\"}}},{\"name\":\"winlog.event_data.clientProcessId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.clientProcessId\"}}},{\"name\":\"winlog.event_data.countOfCredentialsReturned\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.countOfCredentialsReturned.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.countOfCredentialsReturned\"}}},{\"name\":\"winlog.event_data.countOfCredentialsReturned.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.countOfCredentialsReturned\"}}},{\"name\":\"winlog.event_data.creationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.creationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.creationUtcTime\"}}},{\"name\":\"winlog.event_data.creationUtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.creationUtcTime\"}}},{\"name\":\"winlog.event_data.data\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.data.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.data\"}}},{\"name\":\"winlog.event_data.data.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.data\"}}},{\"name\":\"winlog.event_data.destinationIsIpv6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.destinationIsIpv6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationIsIpv6\"}}},{\"name\":\"winlog.event_data.destinationIsIpv6.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationIsIpv6\"}}},{\"name\":\"winlog.event_data.destinationPortName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.destinationPortName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationPortName\"}}},{\"name\":\"winlog.event_data.destinationPortName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationPortName\"}}},{\"name\":\"winlog.event_data.details\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.details.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.details\"}}},{\"name\":\"winlog.event_data.details.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.details\"}}},{\"name\":\"winlog.event_data.elevatedToken\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.elevatedToken.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.elevatedToken\"}}},{\"name\":\"winlog.event_data.elevatedToken.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.elevatedToken\"}}},{\"name\":\"winlog.event_data.errorCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.errorCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.errorCode\"}}},{\"name\":\"winlog.event_data.errorCode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.errorCode\"}}},{\"name\":\"winlog.event_data.eventType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.eventType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.eventType\"}}},{\"name\":\"winlog.event_data.eventType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.eventType\"}}},{\"name\":\"winlog.event_data.hashes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.hashes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.hashes\"}}},{\"name\":\"winlog.event_data.hashes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.hashes\"}}},{\"name\":\"winlog.event_data.imagePath\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.imagePath.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.imagePath\"}}},{\"name\":\"winlog.event_data.imagePath.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.imagePath\"}}},{\"name\":\"winlog.event_data.impersonationLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.impersonationLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.impersonationLevel\"}}},{\"name\":\"winlog.event_data.impersonationLevel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.impersonationLevel\"}}},{\"name\":\"winlog.event_data.initiated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.initiated.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.initiated\"}}},{\"name\":\"winlog.event_data.initiated.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.initiated\"}}},{\"name\":\"winlog.event_data.integrityLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.integrityLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.integrityLevel\"}}},{\"name\":\"winlog.event_data.integrityLevel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.integrityLevel\"}}},{\"name\":\"winlog.event_data.keyLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.keyLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.keyLength\"}}},{\"name\":\"winlog.event_data.keyLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.keyLength\"}}},{\"name\":\"winlog.event_data.logonGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonGuid\"}}},{\"name\":\"winlog.event_data.logonGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonGuid\"}}},{\"name\":\"winlog.event_data.logonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonId\"}}},{\"name\":\"winlog.event_data.logonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonId\"}}},{\"name\":\"winlog.event_data.logonProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonProcessName\"}}},{\"name\":\"winlog.event_data.logonProcessName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonProcessName\"}}},{\"name\":\"winlog.event_data.logonType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonType\"}}},{\"name\":\"winlog.event_data.logonType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonType\"}}},{\"name\":\"winlog.event_data.param1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param1\"}}},{\"name\":\"winlog.event_data.param1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param1\"}}},{\"name\":\"winlog.event_data.param10\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param10.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param10\"}}},{\"name\":\"winlog.event_data.param10.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param10\"}}},{\"name\":\"winlog.event_data.param11\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param11.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param11\"}}},{\"name\":\"winlog.event_data.param11.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param11\"}}},{\"name\":\"winlog.event_data.param16\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param16.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param16\"}}},{\"name\":\"winlog.event_data.param16.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param16\"}}},{\"name\":\"winlog.event_data.param19\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param19.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param19\"}}},{\"name\":\"winlog.event_data.param19.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param19\"}}},{\"name\":\"winlog.event_data.param2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param2\"}}},{\"name\":\"winlog.event_data.param2.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param2\"}}},{\"name\":\"winlog.event_data.param20\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param20.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param20\"}}},{\"name\":\"winlog.event_data.param20.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param20\"}}},{\"name\":\"winlog.event_data.param21\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param21.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param21\"}}},{\"name\":\"winlog.event_data.param21.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param21\"}}},{\"name\":\"winlog.event_data.param22\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param22.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param22\"}}},{\"name\":\"winlog.event_data.param22.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param22\"}}},{\"name\":\"winlog.event_data.param23\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param23.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param23\"}}},{\"name\":\"winlog.event_data.param23.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param23\"}}},{\"name\":\"winlog.event_data.param3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param3\"}}},{\"name\":\"winlog.event_data.param3.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param3\"}}},{\"name\":\"winlog.event_data.param4\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param4.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param4\"}}},{\"name\":\"winlog.event_data.param4.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param4\"}}},{\"name\":\"winlog.event_data.param5\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param5\"}}},{\"name\":\"winlog.event_data.param5.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param5\"}}},{\"name\":\"winlog.event_data.param6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param6\"}}},{\"name\":\"winlog.event_data.param6.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param6\"}}},{\"name\":\"winlog.event_data.param7\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param7.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param7\"}}},{\"name\":\"winlog.event_data.param7.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param7\"}}},{\"name\":\"winlog.event_data.param8\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param8.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param8\"}}},{\"name\":\"winlog.event_data.param8.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param8\"}}},{\"name\":\"winlog.event_data.param9\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param9.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param9\"}}},{\"name\":\"winlog.event_data.param9.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param9\"}}},{\"name\":\"winlog.event_data.privilegeList\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.privilegeList.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.privilegeList\"}}},{\"name\":\"winlog.event_data.privilegeList.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.privilegeList\"}}},{\"name\":\"winlog.event_data.processCreationTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.processCreationTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processCreationTime\"}}},{\"name\":\"winlog.event_data.processCreationTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processCreationTime\"}}},{\"name\":\"winlog.event_data.processId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.processId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processId\"}}},{\"name\":\"winlog.event_data.processId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processId\"}}},{\"name\":\"winlog.event_data.processName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.processName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processName\"}}},{\"name\":\"winlog.event_data.processName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processName\"}}},{\"name\":\"winlog.event_data.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.protocol\"}}},{\"name\":\"winlog.event_data.protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.protocol\"}}},{\"name\":\"winlog.event_data.queryName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.queryName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryName\"}}},{\"name\":\"winlog.event_data.queryName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryName\"}}},{\"name\":\"winlog.event_data.queryResults\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.queryResults.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryResults\"}}},{\"name\":\"winlog.event_data.queryResults.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryResults\"}}},{\"name\":\"winlog.event_data.queryStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.queryStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryStatus\"}}},{\"name\":\"winlog.event_data.queryStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryStatus\"}}},{\"name\":\"winlog.event_data.readOperation\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.readOperation.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.readOperation\"}}},{\"name\":\"winlog.event_data.readOperation.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.readOperation\"}}},{\"name\":\"winlog.event_data.returnCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.returnCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.returnCode\"}}},{\"name\":\"winlog.event_data.returnCode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.returnCode\"}}},{\"name\":\"winlog.event_data.ruleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ruleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ruleName\"}}},{\"name\":\"winlog.event_data.ruleName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ruleName\"}}},{\"name\":\"winlog.event_data.serviceGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceGuid\"}}},{\"name\":\"winlog.event_data.serviceGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceGuid\"}}},{\"name\":\"winlog.event_data.serviceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceName\"}}},{\"name\":\"winlog.event_data.serviceName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceName\"}}},{\"name\":\"winlog.event_data.serviceType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceType\"}}},{\"name\":\"winlog.event_data.serviceType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceType\"}}},{\"name\":\"winlog.event_data.sourceIsIpv6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.sourceIsIpv6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.sourceIsIpv6\"}}},{\"name\":\"winlog.event_data.sourceIsIpv6.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.sourceIsIpv6\"}}},{\"name\":\"winlog.event_data.startType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.startType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.startType\"}}},{\"name\":\"winlog.event_data.startType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.startType\"}}},{\"name\":\"winlog.event_data.subjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectDomainName\"}}},{\"name\":\"winlog.event_data.subjectDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectDomainName\"}}},{\"name\":\"winlog.event_data.subjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectLogonId\"}}},{\"name\":\"winlog.event_data.subjectLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectLogonId\"}}},{\"name\":\"winlog.event_data.subjectUserName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectUserName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserName\"}}},{\"name\":\"winlog.event_data.subjectUserName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserName\"}}},{\"name\":\"winlog.event_data.subjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserSid\"}}},{\"name\":\"winlog.event_data.subjectUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserSid\"}}},{\"name\":\"winlog.event_data.targetDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetDomainName\"}}},{\"name\":\"winlog.event_data.targetDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetDomainName\"}}},{\"name\":\"winlog.event_data.targetLinkedLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetLinkedLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLinkedLogonId\"}}},{\"name\":\"winlog.event_data.targetLinkedLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLinkedLogonId\"}}},{\"name\":\"winlog.event_data.targetLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLogonId\"}}},{\"name\":\"winlog.event_data.targetLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLogonId\"}}},{\"name\":\"winlog.event_data.targetName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetName\"}}},{\"name\":\"winlog.event_data.targetName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetName\"}}},{\"name\":\"winlog.event_data.targetObject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetObject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetObject\"}}},{\"name\":\"winlog.event_data.targetObject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetObject\"}}},{\"name\":\"winlog.event_data.targetSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetSid\"}}},{\"name\":\"winlog.event_data.targetSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetSid\"}}},{\"name\":\"winlog.event_data.targetUserName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetUserName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserName\"}}},{\"name\":\"winlog.event_data.targetUserName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserName\"}}},{\"name\":\"winlog.event_data.targetUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserSid\"}}},{\"name\":\"winlog.event_data.targetUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserSid\"}}},{\"name\":\"winlog.event_data.terminalSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.terminalSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.terminalSessionId\"}}},{\"name\":\"winlog.event_data.terminalSessionId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.terminalSessionId\"}}},{\"name\":\"winlog.event_data.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.type\"}}},{\"name\":\"winlog.event_data.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.type\"}}},{\"name\":\"winlog.event_data.updateGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateGuid\"}}},{\"name\":\"winlog.event_data.updateGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateGuid\"}}},{\"name\":\"winlog.event_data.updateRevisionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateRevisionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateRevisionNumber\"}}},{\"name\":\"winlog.event_data.updateRevisionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateRevisionNumber\"}}},{\"name\":\"winlog.event_data.updateTitle\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateTitle.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateTitle\"}}},{\"name\":\"winlog.event_data.updateTitle.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateTitle\"}}},{\"name\":\"winlog.event_data.utcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.utcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.utcTime\"}}},{\"name\":\"winlog.event_data.utcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.utcTime\"}}},{\"name\":\"winlog.event_data.virtualAccount\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.virtualAccount.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.virtualAccount\"}}},{\"name\":\"winlog.event_data.virtualAccount.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.virtualAccount\"}}},{\"name\":\"winlog.event_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.keywords\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.keywords.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.keywords\"}}},{\"name\":\"winlog.keywords.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.keywords\"}}},{\"name\":\"winlog.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.level\"}}},{\"name\":\"winlog.level.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.level\"}}},{\"name\":\"winlog.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.message\"}}},{\"name\":\"winlog.message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.message\"}}},{\"name\":\"winlog.opcode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.opcode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.opcode\"}}},{\"name\":\"winlog.opcode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.opcode\"}}},{\"name\":\"winlog.process.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.process.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.processID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.processID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.processID\"}}},{\"name\":\"winlog.processID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.processID\"}}},{\"name\":\"winlog.providerGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.providerGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.providerGuid\"}}},{\"name\":\"winlog.providerGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.providerGuid\"}}},{\"name\":\"winlog.providerName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.providerName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.providerName\"}}},{\"name\":\"winlog.providerName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.providerName\"}}},{\"name\":\"winlog.provider_guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provider_guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_guid\"}}},{\"name\":\"winlog.provider_guid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_guid\"}}},{\"name\":\"winlog.provider_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provider_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_name\"}}},{\"name\":\"winlog.provider_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_name\"}}},{\"name\":\"winlog.record_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.severityValue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.severityValue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.severityValue\"}}},{\"name\":\"winlog.severityValue.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.severityValue\"}}},{\"name\":\"winlog.systemTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.systemTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.systemTime\"}}},{\"name\":\"winlog.systemTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.systemTime\"}}},{\"name\":\"winlog.task\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.task.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.task\"}}},{\"name\":\"winlog.task.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.task\"}}},{\"name\":\"winlog.threadID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.threadID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.threadID\"}}},{\"name\":\"winlog.threadID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.threadID\"}}},{\"name\":\"winlog.user.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.domain\"}}},{\"name\":\"winlog.user.domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.domain\"}}},{\"name\":\"winlog.user.identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.identifier\"}}},{\"name\":\"winlog.user.identifier.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.identifier\"}}},{\"name\":\"winlog.user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.name\"}}},{\"name\":\"winlog.user.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.name\"}}},{\"name\":\"winlog.user.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.type\"}}},{\"name\":\"winlog.user.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.type\"}}},{\"name\":\"winlog.user_data.SubjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectDomainName\"}}},{\"name\":\"winlog.user_data.SubjectDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectDomainName\"}}},{\"name\":\"winlog.user_data.SubjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectLogonId\"}}},{\"name\":\"winlog.user_data.SubjectLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectLogonId\"}}},{\"name\":\"winlog.user_data.SubjectUserName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectUserName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserName\"}}},{\"name\":\"winlog.user_data.SubjectUserName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserName\"}}},{\"name\":\"winlog.user_data.SubjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserSid\"}}},{\"name\":\"winlog.user_data.SubjectUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserSid\"}}},{\"name\":\"winlog.user_data.xml_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.xml_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.xml_name\"}}},{\"name\":\"winlog.user_data.xml_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.xml_name\"}}},{\"name\":\"winlog.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.basic_constraints.ca\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.curve\"}}},{\"name\":\"x509.certificate.curve.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.curve\"}}},{\"name\":\"x509.certificate.exponent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.exponent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.exponent\"}}},{\"name\":\"x509.certificate.exponent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.exponent\"}}},{\"name\":\"x509.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.issuer\"}}},{\"name\":\"x509.certificate.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.issuer\"}}},{\"name\":\"x509.certificate.key.algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.algorithm\"}}},{\"name\":\"x509.certificate.key.algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.algorithm\"}}},{\"name\":\"x509.certificate.key.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.key.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.type\"}}},{\"name\":\"x509.certificate.key.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.type\"}}},{\"name\":\"x509.certificate.not_valid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_after\"}}},{\"name\":\"x509.certificate.not_valid_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_after\"}}},{\"name\":\"x509.certificate.not_valid_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_before\"}}},{\"name\":\"x509.certificate.not_valid_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_before\"}}},{\"name\":\"x509.certificate.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.serial\"}}},{\"name\":\"x509.certificate.serial.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.serial\"}}},{\"name\":\"x509.certificate.signing_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.signing_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.signing_algorithm\"}}},{\"name\":\"x509.certificate.signing_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.signing_algorithm\"}}},{\"name\":\"x509.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.subject\"}}},{\"name\":\"x509.certificate.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.subject\"}}},{\"name\":\"x509.certificate.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.san_dns\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.san_dns.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.san_dns\"}}},{\"name\":\"x509.san_dns.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.san_dns\"}}}]","timeFieldName":"@timestamp","title":"*:so-*"},"coreMigrationVersion":"7.16.2","id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1643385898421,12],"type":"index-pattern","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjY3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - All Logs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - All Logs\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":29}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"7.16.2","id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,14],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjY4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Logs Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Logs Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"7.16.2","id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,16],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjY5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"coreMigrationVersion":"7.16.2","id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,18],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjcwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"},"coreMigrationVersion":"7.16.2","id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,20],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjcxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Sender","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - Sender\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From\"}}]}"},"coreMigrationVersion":"7.16.2","id":"7a789740-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,22],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjcyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Recipient","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - Recipient\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"To\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.to.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Recipient\"}}]}"},"coreMigrationVersion":"7.16.2","id":"a5742950-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,24],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjczLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - TLS","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - TLS\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smtp.tls: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"smtp.tls\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TLS\"}}]}"},"coreMigrationVersion":"7.16.2","id":"e77a2b60-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,26],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjc0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smtp.subject.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"coreMigrationVersion":"7.16.2","id":"0713ebf0-75e8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,28],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjc1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.useragent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}"},"coreMigrationVersion":"7.16.2","id":"4178ce00-75e8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,30],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjc2LDE1XQ=="} -{"attributes":{"columns":["source.ip","source.port","destination.ip","destination.port","log.id.uid","network.community_id","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Security Onion - All Logs","version":1},"coreMigrationVersion":"7.16.2","id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","migrationVersion":{"search":"7.9.3"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,32],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjc3LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:smtp\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85\"},\"panelIndex\":\"a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"6fd30865-1d5d-4f8f-9173-77220bb23395\"},\"panelIndex\":\"6fd30865-1d5d-4f8f-9173-77220bb23395\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"1b0acf7a-2a47-4eb4-9cb2-34cd6c499472\"},\"panelIndex\":\"1b0acf7a-2a47-4eb4-9cb2-34cd6c499472\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":18,\"i\":\"d31027fb-a090-474f-9863-712ef30c0b3e\"},\"panelIndex\":\"d31027fb-a090-474f-9863-712ef30c0b3e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":18,\"i\":\"fb5452b7-cb91-4415-ad6b-37f2c05955fa\"},\"panelIndex\":\"fb5452b7-cb91-4415-ad6b-37f2c05955fa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":9,\"w\":15,\"h\":18,\"i\":\"9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a\"},\"panelIndex\":\"9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":18,\"i\":\"4bf1751e-8da2-4f5a-b66d-2f09338b2053\"},\"panelIndex\":\"4bf1751e-8da2-4f5a-b66d-2f09338b2053\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":18,\"h\":18,\"i\":\"9365d9e9-478f-499d-aa41-d8f42081ff1c\"},\"panelIndex\":\"9365d9e9-478f-499d-aa41-d8f42081ff1c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":27,\"w\":15,\"h\":18,\"i\":\"18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa\"},\"panelIndex\":\"18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":33,\"y\":27,\"w\":15,\"h\":18,\"i\":\"44a5b84f-2636-45f4-bb5e-9f8ab11f4107\"},\"panelIndex\":\"44a5b84f-2636-45f4-bb5e-9f8ab11f4107\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"4053cc7e-9771-46d9-8e03-e430ab096805\"},\"panelIndex\":\"4053cc7e-9771-46d9-8e03-e430ab096805\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - SMTP","version":1},"coreMigrationVersion":"7.16.2","id":"00304500-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"7a789740-75e7-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"a5742950-75e7-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"e77a2b60-75e7-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"0713ebf0-75e8-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"4178ce00-75e8-11ea-9565-7315f4ee5cac","name":"panel_9","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_10","type":"search"}],"sort":[1643385898421,44],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjc4LDE1XQ=="} -{"attributes":{"columns":["note","source_ip","destination_ip","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type:bro_notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Notices - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,46],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjc5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Notices - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"3027c4f0-34e4-11e7-9669-7f1d3242b798","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,48],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjgwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"title":"Navigation","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Home](/kibana/app/dashboards#/view/94b52620-342a-11e7-9d52-4f090484f59e) \\n[Help](/kibana/app/dashboards#/view/AV6-POJSDwoBUzALqKAg) \\n\\n**Alert Data** \\n[Bro Notices](/kibana/app/dashboards#/view/01600fb0-34e4-11e7-9669-7f1d3242b798) \\n[ElastAlert](/kibana/app/dashboards#/view/1d98d620-7dce-11e7-846a-150cdcaf3374) \\n[HIDS](/kibana/app/dashboards#/view/0de7a390-3644-11e7-a6f7-4f44d7bf1c33) \\n[NIDS](/kibana/app/dashboards#/view/7f27a830-34e5-11e7-9669-7f1d3242b798)   \\n\\n**Bro Hunting** \\n[Connections](/kibana/app/dashboards#/view/e0a34b90-34e6-11e7-9118-45bd317f0ca4) \\n[DCE/RPC](/kibana/app/dashboards#/view/46582d50-3af2-11e7-a83b-b1b4da7d15f4) \\n[DHCP](/kibana/app/dashboards#/view/85348270-357b-11e7-ac34-8965f6420c51) \\n[DNP3](/kibana/app/dashboards#/view/2fdf5bf0-3581-11e7-98ef-19df58fe538b) \\n[DNS](/kibana/app/dashboards#/view/ebf5ec90-34bf-11e7-9b32-bb903919ead9) \\n[Files](/kibana/app/dashboards#/view/2d315d80-3582-11e7-98ef-19df58fe538b) \\n[FTP](/kibana/app/dashboards#/view/27f3b380-3583-11e7-a588-05992195c551) \\n[HTTP](/kibana/app/dashboards#/view/230134a0-34c6-11e7-8360-0b86c90983fd) \\n[Intel](/kibana/app/dashboards#/view/468022c0-3583-11e7-a588-05992195c551) \\n[IRC](/kibana/app/dashboards#/view/56a34ce0-3583-11e7-a588-05992195c551) \\n[Kerberos](/kibana/app/dashboards#/view/6b0d4870-3583-11e7-a588-05992195c551) \\n[Modbus](/kibana/app/dashboards#/view/70c005f0-3583-11e7-a588-05992195c551) \\n[MySQL](/kibana/app/dashboards#/view/7929f430-3583-11e7-a588-05992195c551) \\n[NTLM](/kibana/app/dashboards#/view/022713e0-3ab0-11e7-a83b-b1b4da7d15f4) \\n[PE](/kibana/app/dashboards#/view/8a10e380-3583-11e7-a588-05992195c551) \\n[RADIUS](/kibana/app/dashboards#/view/90b246c0-3583-11e7-a588-05992195c551) \\n[RDP](/kibana/app/dashboards#/view/97f8c3a0-3583-11e7-a588-05992195c551) \\n[RFB](/kibana/app/dashboards#/view/9ef20ae0-3583-11e7-a588-05992195c551) \\n[SIP](/kibana/app/dashboards#/view/ad3c0830-3583-11e7-a588-05992195c551) \\n[SMB](/kibana/app/dashboards#/view/b3a53710-3aaa-11e7-8b17-0d8709b02c80) \\n[SMTP](/kibana/app/dashboards#/view/b10a9c60-3583-11e7-a588-05992195c551) \\n[SNMP](/kibana/app/dashboards#/view/b65c2710-3583-11e7-a588-05992195c551) \\n[Software](/kibana/app/dashboards#/view/c2c99c30-3583-11e7-a588-05992195c551) \\n[SSH](/kibana/app/dashboards#/view/c6ccfc00-3583-11e7-a588-05992195c551) \\n[SSL](/kibana/app/dashboards#/view/cca67b60-3583-11e7-a588-05992195c551) \\n[Syslog](/kibana/app/dashboards#/view/c4bbe040-76b3-11e7-ba96-cba76a1e264d) \\n[Tunnels](/kibana/app/dashboards#/view/d7b54ae0-3583-11e7-a588-05992195c551) \\n[Weird](/kibana/app/dashboards#/view/de2da250-3583-11e7-a588-05992195c551) \\n[X.509](/kibana/app/dashboards#/view/e5aa7170-3583-11e7-a588-05992195c551) \\n\\n**Host Hunting** \\n[Autoruns](/kibana/app/dashboards#/view/61d43810-6d62-11e7-8ddb-e71eb260f4a3) \\n[Beats](/kibana/app/dashboards#/view/AWBLNS3CRuBloj96jxub) \\n[Osquery](/kibana/app/dashboards#/view/9d0e2da0-14e1-11e9-82f7-0da02d93a48b) \\n[OSSEC](/kibana/app/dashboards#/view/3a457d70-3583-11e7-a588-05992195c551)  \\n[Sysmon](/kibana/app/dashboards#/view/6d189680-6d62-11e7-8ddb-e71eb260f4a3) \\n\\n**Other** \\n[Domain Stats](/kibana/app/dashboards#/view/AWAi6wvxAvKNGEbUWO_j) \\n[Firewall](/kibana/app/dashboards#/view/50173bd0-3582-11e7-98ef-19df58fe538b) \\n[Frequency](/kibana/app/dashboards#/view/AWAi5k4jAvKNGEbUWFis) \\n[Stats](/kibana/app/dashboards#/view/130017f0-46ce-11e7-946f-1bfb1be7c36b) \\n[Syslog](/kibana/app/dashboards#/view/4323af90-76e5-11e7-ab14-e1a4c1bc11e0)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}"},"coreMigrationVersion":"7.16.2","id":"b3b449d0-3429-11e7-9d52-4f090484f59e","migrationVersion":{"visualization":"7.14.0"},"references":[],"sort":[1643385898421,49],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjgxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Source IP Addresses","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Source IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"66e26ad0-3580-11e7-98ef-19df58fe538b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,51],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjgyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Destination IP Addresses","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Destination IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"7c47b650-3580-11e7-98ef-19df58fe538b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,53],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjgzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Notice Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"note.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"07fdf9e0-39ad-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,55],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjg0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - File MIME Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - File MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_mime_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"53c62730-39ad-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,57],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjg1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - File Description","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - File Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_description.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"793c2640-39ad-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,59],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjg2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Notice - Destination Port (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Notice - Destination Port (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}"},"coreMigrationVersion":"7.16.2","id":"e85e2150-6e0e-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,61],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjg3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Notice - Message/Sub-Message","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Notice - Message/Sub-Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"msg.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sub_msg.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sub-Message\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"bfeb6210-7bb9-11e7-90ec-cdd3dff73b38","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,63],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjg4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Notices - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG1uC-xQT5EBNmq3dP","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,65],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjg5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Bro - Notices - Notice Types","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Notices - Notice Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"note.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Note\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"},"coreMigrationVersion":"7.16.2","id":"2a949080-4a3d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,67],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjkwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Notices - Destination Country","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"1a879c90-4ca5-11e8-888d-71b91451cf05","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,69],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjkxLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":48,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":72,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":72,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":136,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":32,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":40,\"x\":0,\"y\":96,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":160,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"z16.04 - Bro - Notices","version":1},"coreMigrationVersion":"7.16.2","id":"01600fb0-34e4-11e7-9669-7f1d3242b798","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"3027c4f0-34e4-11e7-9669-7f1d3242b798","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"66e26ad0-3580-11e7-98ef-19df58fe538b","name":"panel_2","type":"visualization"},{"id":"7c47b650-3580-11e7-98ef-19df58fe538b","name":"panel_3","type":"visualization"},{"id":"07fdf9e0-39ad-11e7-8472-0151e5b2b475","name":"panel_4","type":"visualization"},{"id":"53c62730-39ad-11e7-8472-0151e5b2b475","name":"panel_5","type":"visualization"},{"id":"793c2640-39ad-11e7-8472-0151e5b2b475","name":"panel_6","type":"visualization"},{"id":"e85e2150-6e0e-11e7-8624-1fb07dd76c6a","name":"panel_7","type":"visualization"},{"id":"bfeb6210-7bb9-11e7-90ec-cdd3dff73b38","name":"panel_8","type":"visualization"},{"id":"AWDG1uC-xQT5EBNmq3dP","name":"panel_9","type":"visualization"},{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"panel_10","type":"search"},{"id":"2a949080-4a3d-11e8-9b0a-f1d33346f773","name":"panel_11","type":"visualization"},{"id":"1a879c90-4ca5-11e8-888d-71b91451cf05","name":"panel_12","type":"visualization"}],"sort":[1643385898421,83],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjkyLDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ntlm\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"NTLM - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,85],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjkzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NTLM - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"36f23eb0-3ab0-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,87],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjk0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Hostname","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"e2c8e040-3ab0-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,89],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjk1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Username","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"NTLM - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"4d869ee0-3ab1-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,91],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjk2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"d37b9330-3af1-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,93],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjk3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"f3a92f50-3af1-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,95],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjk4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"d7f162b0-6e1c-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,97],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNjk5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"NTLM - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHCEx7xQT5EBNmq4Vf","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,99],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzAwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NTLM - Hostname to Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Hostname to Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"domain_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}]}"},"coreMigrationVersion":"7.16.2","id":"75ab1050-4a59-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,101],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzAxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Server NetBIOS Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Server NetBIOS Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_nb_computer_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server NetBIOS Name\"}}]}"},"coreMigrationVersion":"7.16.2","id":"c23ea470-0edc-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,103],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzAyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Server DNS Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Server DNS Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_dns_computer_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server DNS Name\"}}]}"},"coreMigrationVersion":"7.16.2","id":"ee6a03f0-0edc-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,105],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzAzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Server Tree Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Server Tree Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_tree_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Tree Name\"}}]}"},"coreMigrationVersion":"7.16.2","id":"2a054320-0edd-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,107],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzA0LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":53,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":77,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":8,\"w\":12,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":53,\"w\":16,\"h\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":53,\"w\":16,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":53,\"w\":16,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":35,\"y\":32,\"w\":13,\"h\":21,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":32,\"w\":13,\"h\":21,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":21,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"z16.04 - Bro - NTLM","version":1},"coreMigrationVersion":"7.16.2","id":"022713e0-3ab0-11e7-a83b-b1b4da7d15f4","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"36f23eb0-3ab0-11e7-a83b-b1b4da7d15f4","name":"panel_1","type":"visualization"},{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"panel_2","type":"search"},{"id":"e2c8e040-3ab0-11e7-a83b-b1b4da7d15f4","name":"panel_3","type":"visualization"},{"id":"4d869ee0-3ab1-11e7-a83b-b1b4da7d15f4","name":"panel_4","type":"visualization"},{"id":"d37b9330-3af1-11e7-a83b-b1b4da7d15f4","name":"panel_5","type":"visualization"},{"id":"f3a92f50-3af1-11e7-a83b-b1b4da7d15f4","name":"panel_6","type":"visualization"},{"id":"d7f162b0-6e1c-11e7-b553-7f80727663c1","name":"panel_7","type":"visualization"},{"id":"AWDHCEx7xQT5EBNmq4Vf","name":"panel_8","type":"visualization"},{"id":"75ab1050-4a59-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"},{"id":"c23ea470-0edc-11e9-9846-59f545e7293f","name":"panel_10","type":"visualization"},{"id":"ee6a03f0-0edc-11e9-9846-59f545e7293f","name":"panel_11","type":"visualization"},{"id":"2a054320-0edd-11e9-9846-59f545e7293f","name":"panel_12","type":"visualization"}],"sort":[1643385898421,121],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzA1LDE1XQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.category:network\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Network Data","version":1},"coreMigrationVersion":"7.16.2","id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","migrationVersion":{"search":"7.9.3"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,123],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzA2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"source.ip: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"coreMigrationVersion":"7.16.2","id":"0242ab70-6eae-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,125],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzA3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security Onion - Files","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Files\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Strelka](/kibana/app/dashboards#/view/ff689c50-75f3-11ea-9565-7315f4ee5cac) \\n[Zeek](/kibana/app/dashboards#/view/ad4d5d60-75f4-11ea-9565-7315f4ee5cac)\"},\"aggs\":[]}"},"coreMigrationVersion":"7.16.2","id":"9a5058f0-6e99-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[],"sort":[1643385898421,126],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzA4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Log Count Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":false,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"intervalESValue\":30,\"intervalESUnit\":\"m\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-03-29T18:17:18.800Z\",\"max\":\"2020-03-30T18:17:18.800Z\"}},\"label\":\"@timestamp per 30 minutes\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"7.16.2","id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,128],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzA5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.module:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Modules","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Modules\"}"},"coreMigrationVersion":"7.16.2","id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,130],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzEwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Dataset","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Dataset\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.dataset.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}}]}"},"coreMigrationVersion":"7.16.2","id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,132],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzExLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"7.16.2","id":"bcf25e30-75f1-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,134],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzEyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FIle - Total Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Security Onion - FIle - Total Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.bytes.total: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.bytes.total\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Total Bytes\"}}]}"},"coreMigrationVersion":"7.16.2","id":"efc25540-75f1-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,136],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzEzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - MIME Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.mime_type.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MIMEType\"}}]}"},"coreMigrationVersion":"7.16.2","id":"e8d35c50-75f3-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,138],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzE0LDE1XQ=="} -{"attributes":{"columns":["event.module","source.ip","destination.ip","file.mime_type","log.id.fuid","hash.sha1","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:file*\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Security Onion - File Logs","version":1},"coreMigrationVersion":"7.16.2","id":"b0dc2460-0e4d-11eb-a255-e1e8e85e3571","migrationVersion":{"search":"7.9.3"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,140],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzE1LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:file*\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"6948ea4a-398f-4ab1-a269-e1e6ecd29e12\"},\"panelIndex\":\"6948ea4a-398f-4ab1-a269-e1e6ecd29e12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":7,\"y\":0,\"w\":15,\"h\":7,\"i\":\"d09eef70-f2b5-4085-b619-11cae812be58\"},\"panelIndex\":\"d09eef70-f2b5-4085-b619-11cae812be58\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":22,\"y\":0,\"w\":26,\"h\":7,\"i\":\"0dd18bd2-6631-4772-b3d0-4a92ff713e3a\"},\"panelIndex\":\"0dd18bd2-6631-4772-b3d0-4a92ff713e3a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":7,\"w\":8,\"h\":20,\"i\":\"86d343d4-c030-46a3-9f3e-083ccbf28b04\"},\"panelIndex\":\"86d343d4-c030-46a3-9f3e-083ccbf28b04\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":8,\"y\":7,\"w\":8,\"h\":20,\"i\":\"2fb5d1e8-4ac6-42c4-852e-9046c2970086\"},\"panelIndex\":\"2fb5d1e8-4ac6-42c4-852e-9046c2970086\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":16,\"y\":7,\"w\":10,\"h\":20,\"i\":\"7875de58-924b-4b27-bd51-159b5657659f\"},\"panelIndex\":\"7875de58-924b-4b27-bd51-159b5657659f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":26,\"y\":7,\"w\":10,\"h\":20,\"i\":\"f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b\"},\"panelIndex\":\"f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":36,\"y\":7,\"w\":12,\"h\":20,\"i\":\"06055634-ec80-478d-93d5-67e1cc46e1ab\"},\"panelIndex\":\"06055634-ec80-478d-93d5-67e1cc46e1ab\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":20,\"i\":\"cfa99d8f-e7d6-46d5-9e7f-5dc5c3371275\"},\"panelIndex\":\"cfa99d8f-e7d6-46d5-9e7f-5dc5c3371275\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - Files","version":1},"coreMigrationVersion":"7.16.2","id":"0245be10-6ec1-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"9a5058f0-6e99-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"bcf25e30-75f1-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"efc25540-75f1-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"e8d35c50-75f3-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"b0dc2460-0e4d-11eb-a255-e1e8e85e3571","name":"panel_8","type":"search"}],"sort":[1643385898421,150],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzE2LDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SSL - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,152],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzE3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSL - Version (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSL - Version (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"version.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"02699580-365a-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,154],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzE4LDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_sip\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SIP - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"9e131480-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,156],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzE5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SIP - Status","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_code\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Code\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_msg.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}}]}"},"coreMigrationVersion":"7.16.2","id":"0291dba0-4c78-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,158],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzIwLDE1XQ=="} -{"attributes":{"fieldAttrs":"{\"event.action\":{\"count\":8},\"host.user.name\":{\"count\":2},\"endgame.event_type_full\":{\"count\":5},\"host.name\":{\"count\":7},\"host.os.name\":{\"count\":3},\"host.os.name.text\":{\"count\":1},\"endgame.event_subtype_full\":{\"count\":3},\"event.category\":{\"count\":5},\"process.name\":{\"count\":6},\"process.parent.name\":{\"count\":1},\"agent.id\":{\"count\":2},\"process.executable\":{\"count\":3},\"type\":{\"count\":3},\"host.name.keyword\":{\"count\":2},\"event.sequence\":{\"count\":3},\"host.os.family\":{\"count\":1},\"host.os.platform\":{\"count\":1},\"event.type\":{\"count\":8},\"metadata.action\":{\"count\":2},\"user.name\":{\"count\":1},\"@version\":{\"count\":2},\"@timestamp\":{\"count\":1},\"registry.path\":{\"count\":1},\"related.user\":{\"count\":1},\"event.kind\":{\"count\":1},\"event.severity\":{\"count\":1},\"file.name\":{\"count\":4},\"host.domain\":{\"count\":1},\"process.command_line\":{\"count\":1},\"_id\":{\"count\":1},\"client.bytes\":{\"count\":2},\"destination.bytes\":{\"count\":2},\"network.bytes\":{\"count\":2},\"server.bytes\":{\"count\":2},\"source.bytes\":{\"count\":2},\"client.ip\":{\"count\":1},\"destination.ip\":{\"count\":1},\"source.ip\":{\"count\":1},\"file.attributes\":{\"count\":6},\"file.directory\":{\"count\":3},\"file.extension\":{\"count\":2},\"file.gid\":{\"count\":2},\"file.group\":{\"count\":2},\"host.hostname\":{\"count\":1},\"host.ip\":{\"count\":1},\"related.ip\":{\"count\":2},\"user.domain\":{\"count\":2}}","fieldFormatMap":"{\"process.name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:process.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(process.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"user.name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:user.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(user.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.type\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"event.module\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:event.module,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"network.transport\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:network.transport,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(network.transport:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:source.ip,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(source.ip:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:host.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(host.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"registry.key\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:registry.key,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(registry.key:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:host.ip,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(host.ip:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:destination.ip,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(destination.ip:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"event.category.dashboard\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"{{ rawValue }}\",\"labelTemplate\":\"{{ value }}\"}}}","fields":"[]","runtimeFieldMap":"{\"event.category.dashboard\":{\"type\":\"keyword\",\"script\":{\"source\":\"def source = doc['event.category'].value;\\nMap urls = new HashMap();\\nurls.put(\\\"authentication\\\", \\\"dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635\\\");\\nurls.put(\\\"file\\\", \\\"dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635\\\");\\nurls.put(\\\"network\\\", \\\"dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36\\\");\\nurls.put(\\\"process\\\", \\\"dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635\\\");\\nurls.put(\\\"registry\\\", \\\"dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635\\\");\\nurls.put(\\\"driver\\\", \\\"dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635\\\");\\nif (source != null) {\\n\\tdef url = urls.get(source);\\n\\tif (url != null) {\\n\\t\\temit(url);\\n return;\\n\\t}\\n}\\nemit(\\\"None\\\");\"}}}","timeFieldName":"@timestamp","title":"endgame-*","typeMeta":"{}"},"coreMigrationVersion":"7.16.2","id":"endgame-*","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1643385898421,159],"type":"index-pattern","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzIxLDE1XQ=="} -{"attributes":{"columns":["host.name","registry.path","related.user"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category : \\\"registry\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - Registry Events","version":1},"coreMigrationVersion":"7.16.2","id":"0359b740-64cc-11ec-864c-8b5450f97635","migrationVersion":{"search":"7.9.3"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,161],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzIyLDE1XQ=="} -{"attributes":{"color":"#D36086","description":"","name":"Endgame"},"coreMigrationVersion":"7.16.2","id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","references":[],"sort":[1643385898421,162],"type":"tag","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzIzLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"1828f449-a2e9-4ed2-a72c-e6f22382569e":{"columnOrder":["e5498d4d-b9af-4016-8afc-e4639ceb6c10","e5acabfb-508c-4778-adfb-e41ca3adbc23","cf39428c-7790-4793-8906-cb5f02fd2f0f","f42194c4-5434-42cb-ad39-e2756562f3ed","25c7f5d8-ce06-4da5-b769-820ba42e328e","d043970e-d696-48bc-905d-8f1f45019e3d"],"columns":{"25c7f5d8-ce06-4da5-b769-820ba42e328e":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"host.os.family","operationType":"terms","params":{"missingBucket":false,"orderBy":{"fallback":true,"type":"alphabetical"},"orderDirection":"asc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"host.os.family"},"cf39428c-7790-4793-8906-cb5f02fd2f0f":{"customLabel":true,"dataType":"ip","isBucketed":true,"label":"host.ip","operationType":"terms","params":{"missingBucket":false,"orderBy":{"fallback":true,"type":"alphabetical"},"orderDirection":"asc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"host.ip"},"d043970e-d696-48bc-905d-8f1f45019e3d":{"customLabel":true,"dataType":"string","isBucketed":false,"label":"host.os.version","operationType":"last_value","params":{"sortField":"@timestamp"},"scale":"ordinal","sourceField":"host.os.version"},"e5498d4d-b9af-4016-8afc-e4639ceb6c10":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"host.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"fallback":true,"type":"alphabetical"},"orderDirection":"asc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"host.name"},"e5acabfb-508c-4778-adfb-e41ca3adbc23":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"host.id","operationType":"terms","params":{"missingBucket":false,"orderBy":{"fallback":true,"type":"alphabetical"},"orderDirection":"asc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"host.id"},"f42194c4-5434-42cb-ad39-e2756562f3ed":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"host.os.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"fallback":true,"type":"alphabetical"},"orderDirection":"asc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"host.os.name"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"e5498d4d-b9af-4016-8afc-e4639ceb6c10","isTransposed":false,"width":460.98333333333335},{"columnId":"cf39428c-7790-4793-8906-cb5f02fd2f0f","isTransposed":false,"width":254.98333333333332},{"columnId":"d043970e-d696-48bc-905d-8f1f45019e3d","isTransposed":false,"width":175.98333333333335},{"columnId":"f42194c4-5434-42cb-ad39-e2756562f3ed","isTransposed":false,"width":200.98333333333335},{"columnId":"e5acabfb-508c-4778-adfb-e41ca3adbc23","isTransposed":false,"width":515.8333333333334},{"columnId":"25c7f5d8-ce06-4da5-b769-820ba42e328e","isTransposed":false,"width":201.23333333333332}],"layerId":"1828f449-a2e9-4ed2-a72c-e6f22382569e","layerType":"data"}},"title":"Endgame - Host Information Table","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"03935e10-6a20-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-1828f449-a2e9-4ed2-a72c-e6f22382569e","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,166],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzI0LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"9643f560-7a46-408c-b61d-ed2a87fc6103":{"columnOrder":["305b2f21-9981-40d5-a79b-f7a78eea89b4","3520723b-f0f3-4845-975c-e97380d8124b"],"columns":{"305b2f21-9981-40d5-a79b-f7a78eea89b4":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"process.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"3520723b-f0f3-4845-975c-e97380d8124b","type":"column"},"orderDirection":"desc","otherBucket":true,"size":20},"scale":"ordinal","sourceField":"process.name"},"3520723b-f0f3-4845-975c-e97380d8124b":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.kind : \"alert\" "},"visualization":{"layers":[{"categoryDisplay":"default","groups":["305b2f21-9981-40d5-a79b-f7a78eea89b4"],"layerId":"9643f560-7a46-408c-b61d-ed2a87fc6103","layerType":"data","legendDisplay":"default","metric":"3520723b-f0f3-4845-975c-e97380d8124b","nestedLegend":false,"numberDisplay":"percent"}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"treemap"}},"title":"Endgame - Alert Process","visualizationType":"lnsPie"},"coreMigrationVersion":"7.16.2","id":"0406add0-6e48-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-9643f560-7a46-408c-b61d-ed2a87fc6103","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,170],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzI1LDE1XQ=="} -{"attributes":{"columns":["osquery.columns.permissions","osquery.columns.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery AND osquery.name:*chrome* AND osquery.columns.permissions:('all_urls','privacy')\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"osquery - Chrome Extensions - Sensitive Permissions","version":1},"coreMigrationVersion":"7.16.2","id":"040dda10-18d8-11e9-932c-d12d2cf4ee95","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,172],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzI2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"04e1aea0-3750-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,174],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzI3LDE1XQ=="} -{"attributes":{"columns":["osquery.hostname","osquery.columns.username","osquery.LiveQuery","osquery.columns.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery AND osquery.name:*chrome*\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"osquery - Chrome Extensions","version":1},"coreMigrationVersion":"7.16.2","id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,176],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzI4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Chrome Extensions - Changes by Hostname","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"osquery - Chrome Extensions - Changes by Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.hostname.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}"},"coreMigrationVersion":"7.16.2","id":"04f86530-1a59-11e9-ac0b-cb0ba10141ab","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","name":"search_0","type":"search"}],"sort":[1643385898421,178],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzI5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"network.protocol:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Top Network Protocols","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Top Network Protocols\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.protocol.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}"},"coreMigrationVersion":"7.16.2","id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,180],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzMwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Transport","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network - Transport\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"network.transport: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.16.2","id":"79cc9670-6ead-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,182],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzMxLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.category: network\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"h\":9,\"i\":\"b18f064d-2fba-45d8-a3c3-700ecec939a3\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"b18f064d-2fba-45d8-a3c3-700ecec939a3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":9,\"i\":\"3bf59d17-132e-47bc-b548-e1e073491ec5\",\"w\":14,\"x\":13,\"y\":0},\"panelIndex\":\"3bf59d17-132e-47bc-b548-e1e073491ec5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":9,\"i\":\"49c9ae10-3f16-4cec-b044-c5cf2db199ae\",\"w\":21,\"x\":27,\"y\":0},\"panelIndex\":\"49c9ae10-3f16-4cec-b044-c5cf2db199ae\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":19,\"i\":\"87427ca5-e0b9-4ec8-bb5f-3452803befe1\",\"w\":13,\"x\":0,\"y\":9},\"panelIndex\":\"87427ca5-e0b9-4ec8-bb5f-3452803befe1\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":19,\"i\":\"3d3199e1-d839-4738-bc99-e030365b7070\",\"w\":11,\"x\":13,\"y\":9},\"panelIndex\":\"3d3199e1-d839-4738-bc99-e030365b7070\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":19,\"i\":\"a7745b0f-1c69-4837-9f7e-3d79b5a2ac60\",\"w\":12,\"x\":24,\"y\":9},\"panelIndex\":\"a7745b0f-1c69-4837-9f7e-3d79b5a2ac60\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":19,\"i\":\"221a543a-98d4-46dd-8e7c-bf97bb292021\",\"w\":12,\"x\":36,\"y\":9},\"panelIndex\":\"221a543a-98d4-46dd-8e7c-bf97bb292021\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":29,\"i\":\"55902091-6959-4127-a969-4015fbf124d3\",\"w\":48,\"x\":0,\"y\":28},\"panelIndex\":\"55902091-6959-4127-a969-4015fbf124d3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Network","version":1},"coreMigrationVersion":"7.16.2","id":"04ff3ef0-6ea4-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"79cc9670-6ead-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1643385898421,191],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzMyLDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"event_type:bro_conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Connections - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"9bf42190-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,193],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzMzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Missed Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"missed_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"05088150-3670-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,195],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzM0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - Path","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smb.path.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.path.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"}}]}"},"coreMigrationVersion":"7.16.2","id":"052df440-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,197],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzM1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - GID/SID","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - GID/SID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"GID\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"SID\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.rev: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.gid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"GID\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.signature_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SID\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.rev\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Revision\"}}]}"},"coreMigrationVersion":"7.16.2","id":"053f7130-7734-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,199],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzM2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Originator Bytes ( Tile Map)","uiStateJSON":"{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}","version":1,"visState":"{\"title\":\"Connections - Source - Originator Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"original_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"05809df0-46cb-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,201],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzM3LDE1XQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"osquery - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"84116380-14e1-11e9-82f7-0da02d93a48b","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,203],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzM4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Changes by Hostname","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"osquery - Changes by Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.hostname.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}"},"coreMigrationVersion":"7.16.2","id":"05a5ed10-14e4-11e9-82f7-0da02d93a48b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"search_0","type":"search"}],"sort":[1643385898421,205],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzM5LDE1XQ=="} -{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ftp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"FTP - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,207],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzQwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"FTP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"06f21d60-35b6-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,209],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzQxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Query","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNS - Query\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.query.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.query.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Query\"}}]}"},"coreMigrationVersion":"7.16.2","id":"07065340-72ba-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,211],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzQyLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"b40ff395-6c20-4678-8aab-a74568f9a5cf":{"columnOrder":["7588aa5a-05de-44d8-952a-7e7f7f6e5519","0a2006cd-c185-4cf3-b9dc-7b395ca048cf","1fed253e-8c24-4b33-94e4-1114efd871b4","fa5b5762-e154-4170-8e31-110029d67cd0"],"columns":{"0a2006cd-c185-4cf3-b9dc-7b395ca048cf":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"user.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"fa5b5762-e154-4170-8e31-110029d67cd0","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"user.name"},"1fed253e-8c24-4b33-94e4-1114efd871b4":{"customLabel":true,"dataType":"string","isBucketed":false,"label":"event.outcome","operationType":"last_value","params":{"sortField":"@timestamp"},"scale":"ordinal","sourceField":"event.outcome"},"7588aa5a-05de-44d8-952a-7e7f7f6e5519":{"customLabel":true,"dataType":"ip","isBucketed":true,"label":"host.ip","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"fa5b5762-e154-4170-8e31-110029d67cd0","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"host.ip"},"fa5b5762-e154-4170-8e31-110029d67cd0":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"authentication"},"type":"phrase"},"query":{"match_phrase":{"event.category":"authentication"}}}],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"1fed253e-8c24-4b33-94e4-1114efd871b4"},{"columnId":"7588aa5a-05de-44d8-952a-7e7f7f6e5519","isTransposed":false},{"columnId":"fa5b5762-e154-4170-8e31-110029d67cd0","isTransposed":false},{"columnId":"0a2006cd-c185-4cf3-b9dc-7b395ca048cf","isTransposed":false}],"layerId":"b40ff395-6c20-4678-8aab-a74568f9a5cf","layerType":"data"}},"title":"Endgame - Auth Event Outcome","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"072ae530-6d6c-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-b40ff395-6c20-4678-8aab-a74568f9a5cf","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,216],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzQzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - PE - Section","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.section_names.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Section\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - PE - Section\"}"},"coreMigrationVersion":"7.16.2","id":"07419650-c763-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,218],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzQ0LDE1XQ=="} -{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_intel\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Intel - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,220],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzQ1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Intel - Indicator Type (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Intel - Indicator Type (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0,\"filter\":true},\"title\":{\"text\":\"Indicator Type\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"indicator_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Indicator Type\"}}]}"},"coreMigrationVersion":"7.16.2","id":"07622d60-6e16-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,222],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzQ2LDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_mysql\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"MySQL - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"5d624230-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,224],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzQ3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"MySQL - Command/Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"MySQL - Command/Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql_command.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql_argument.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"07e25650-3812-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,226],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzQ4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - HTTP - Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"http.method.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"coreMigrationVersion":"7.16.2","id":"088aad70-7377-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,228],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzQ5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Hash - SHA256","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Hash - SHA256\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.hash.sha256.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.sha256.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.16.2","id":"08c0b770-772e-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,230],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzUwLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"a4e4fe43-0662-4a4f-a5b1-57b8f6475336":{"columnOrder":["198124aa-9a71-41ea-bcc5-1938e8373b85","80ce6212-7318-4c10-90ad-bb58171524d0","556f58d4-2449-46ab-ba8c-db6846dcb74a","fa795a61-1d89-491e-87de-ba6469644719"],"columns":{"198124aa-9a71-41ea-bcc5-1938e8373b85":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"server.address","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"fa795a61-1d89-491e-87de-ba6469644719","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"server.address"},"556f58d4-2449-46ab-ba8c-db6846dcb74a":{"dataType":"number","isBucketed":true,"label":"server.port","operationType":"range","params":{"maxBars":"auto","ranges":[{"from":0,"label":"","to":1000}],"type":"histogram"},"scale":"interval","sourceField":"server.port"},"80ce6212-7318-4c10-90ad-bb58171524d0":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"network.transport","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"fa795a61-1d89-491e-87de-ba6469644719","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"network.transport"},"fa795a61-1d89-491e-87de-ba6469644719":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"network"},"type":"phrase"},"query":{"match_phrase":{"event.category":"network"}}}],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"198124aa-9a71-41ea-bcc5-1938e8373b85","isTransposed":false},{"columnId":"80ce6212-7318-4c10-90ad-bb58171524d0","isTransposed":false},{"columnId":"fa795a61-1d89-491e-87de-ba6469644719","isTransposed":false},{"columnId":"556f58d4-2449-46ab-ba8c-db6846dcb74a","isTransposed":false}],"layerId":"a4e4fe43-0662-4a4f-a5b1-57b8f6475336","layerType":"data"}},"title":"Endgame - Network Transport","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"09227f50-6e44-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-a4e4fe43-0662-4a4f-a5b1-57b8f6475336","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,235],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzUxLDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssh\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SSH - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"c33e7600-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,237],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzUyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSH - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"09457310-3641-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,239],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzUzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Hash - MD5","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Hash - MD5\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.md5.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MD5\"}}]}"},"coreMigrationVersion":"7.16.2","id":"09fc6ef0-7732-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,241],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzU0LDE1XQ=="} -{"attributes":{"columns":["source_ip","syslog-host_from","syslog-priority"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"tags:syslog\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Syslog (All) - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,243],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzU1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Host From","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Syslog - Host From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Host (From)\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"0a2ce700-76e6-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"sort":[1643385898421,245],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzU2LDE1XQ=="} -{"attributes":{"columns":["host","certificate_subject","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"X.509 - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,247],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzU3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Issuer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_issuer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"0a5f7b30-37d9-11e7-9efb-91e89505091f","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,249],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzU4LDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_rdp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"RDP - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"823dd600-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,251],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzU5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"0b9dea80-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,253],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzYwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Certificate Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Certificate Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.certificate_type.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.certificate_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"coreMigrationVersion":"7.16.2","id":"0c006bb0-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,255],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzYxLDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DNS - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"d46522e0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,257],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzYyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Query Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Query Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query_type_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Type\"}}]}"},"coreMigrationVersion":"7.16.2","id":"0c338e50-4a4e-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,259],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzYzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"title":"Endgame - Navigation","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - Navigation\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":true,\"markdown\":\"**Kibana** \\n[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n[Alerts](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) |\\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame Console** \\n [Dashboard](https://ENDGAMEHOST/dashboard) | [Alerts](https://ENDGAMEHOST/alerts/dashboard)\"}}"},"coreMigrationVersion":"7.16.2","id":"754f7380-6d82-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"},{"id":"0b963f20-6f9c-11ec-864c-8b5450f97635","name":"tag-0b963f20-6f9c-11ec-864c-8b5450f97635","type":"tag"}],"sort":[1643385898421,262],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzY0LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"842f61f9-afc4-44dc-a6bd-e3cc66a8827b":{"columnOrder":["2834ba67-2809-442b-b80b-4b17d3a67d43"],"columns":{"2834ba67-2809-442b-b80b-4b17d3a67d43":{"customLabel":true,"dataType":"number","isBucketed":false,"label":" Count","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.kind : \"alert\" "},"visualization":{"accessor":"2834ba67-2809-442b-b80b-4b17d3a67d43","layerId":"842f61f9-afc4-44dc-a6bd-e3cc66a8827b","layerType":"data"}},"title":"Endgame - Alerts All Logs","visualizationType":"lnsMetric"},"coreMigrationVersion":"7.16.2","id":"914d4890-6e46-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-842f61f9-afc4-44dc-a6bd-e3cc66a8827b","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,266],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzY1LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"0600494b-6f03-450b-8dab-981005aedf32":{"columnOrder":["0f00561d-d6d7-46b2-af59-4ea225a9893a","34e0e2cc-aab4-4581-9bc4-aba527024007"],"columns":{"0f00561d-d6d7-46b2-af59-4ea225a9893a":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"34e0e2cc-aab4-4581-9bc4-aba527024007":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"format":{"id":"number","params":{"decimals":0}}},"scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.kind : \"alert\" "},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":false,"yLeft":true,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["34e0e2cc-aab4-4581-9bc4-aba527024007"],"layerId":"0600494b-6f03-450b-8dab-981005aedf32","layerType":"data","position":"top","seriesType":"bar","showGridlines":false,"xAccessor":"0f00561d-d6d7-46b2-af59-4ea225a9893a"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"Endgame - Alert Logs Over Time","visualizationType":"lnsXY"},"coreMigrationVersion":"7.16.2","id":"d94cae10-6e46-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-0600494b-6f03-450b-8dab-981005aedf32","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,270],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzY2LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"3b6026b4-9c36-4fbc-9f90-bd5580303bea":{"columnOrder":["d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721","ff0a89b4-427d-4739-bb83-86794a1f4289"],"columns":{"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"user.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"ff0a89b4-427d-4739-bb83-86794a1f4289","type":"column"},"orderDirection":"desc","otherBucket":true,"size":20},"scale":"ordinal","sourceField":"user.name"},"ff0a89b4-427d-4739-bb83-86794a1f4289":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.kind : \"alert\" "},"visualization":{"columns":[{"columnId":"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721"},{"columnId":"ff0a89b4-427d-4739-bb83-86794a1f4289"}],"layerId":"3b6026b4-9c36-4fbc-9f90-bd5580303bea","layerType":"data"}},"title":"Endgame - Alert User Name","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"f376b820-6e47-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-3b6026b4-9c36-4fbc-9f90-bd5580303bea","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,274],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzY3LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"3dff58f4-dda3-4f2d-9e31-d8552e12eb13":{"columnOrder":["8e1fb558-637d-42a8-9127-002e698bde8a","8546cccc-256d-4ef9-8de6-2825a3a5a649","f6f670d2-0af3-4432-97d4-8ac112cb7102"],"columns":{"8546cccc-256d-4ef9-8de6-2825a3a5a649":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"command_line","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"f6f670d2-0af3-4432-97d4-8ac112cb7102","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"process.command_line"},"8e1fb558-637d-42a8-9127-002e698bde8a":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"host.domain","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"f6f670d2-0af3-4432-97d4-8ac112cb7102","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"host.domain"},"f6f670d2-0af3-4432-97d4-8ac112cb7102":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.kind : \"alert\" "},"visualization":{"columns":[{"columnId":"8546cccc-256d-4ef9-8de6-2825a3a5a649","isTransposed":false,"width":432.33333333333337},{"columnId":"8e1fb558-637d-42a8-9127-002e698bde8a","isTransposed":false,"width":197.83333333333331},{"columnId":"f6f670d2-0af3-4432-97d4-8ac112cb7102","isTransposed":false}],"layerId":"3dff58f4-dda3-4f2d-9e31-d8552e12eb13","layerType":"data"}},"title":"Endgame - Alerts Host Domain","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"1fd82420-6e3a-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-3dff58f4-dda3-4f2d-9e31-d8552e12eb13","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,278],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzY4LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"46832f84-f86b-4914-a3ac-aaeda9f09cf7":{"columnOrder":["77069155-4e9a-4727-b888-648fed60258e","e7878efe-2181-449d-afd3-771296665829","738c056c-c4eb-4855-a690-90fa5b9e23f8","02c8c47e-9b96-4384-b467-1fd9cff2b78b","d61f74aa-1899-4881-a2cc-d0dc7cbf28df","6de07e81-5ee7-4885-af47-26b401667757","895abdf3-8c99-4473-a904-b379d478aae1","e30b3573-c58d-4b82-853d-70c1d090d641"],"columns":{"02c8c47e-9b96-4384-b467-1fd9cff2b78b":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"process.command_line","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"e30b3573-c58d-4b82-853d-70c1d090d641","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"process.command_line"},"6de07e81-5ee7-4885-af47-26b401667757":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"file.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"e30b3573-c58d-4b82-853d-70c1d090d641","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"file.name"},"738c056c-c4eb-4855-a690-90fa5b9e23f8":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Category","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"e30b3573-c58d-4b82-853d-70c1d090d641","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"event.category"},"77069155-4e9a-4727-b888-648fed60258e":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"event.id ","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"e30b3573-c58d-4b82-853d-70c1d090d641","type":"column"},"orderDirection":"desc","otherBucket":true,"size":20},"scale":"ordinal","sourceField":"event.id"},"895abdf3-8c99-4473-a904-b379d478aae1":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"host.domain","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"e30b3573-c58d-4b82-853d-70c1d090d641","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"host.domain"},"d61f74aa-1899-4881-a2cc-d0dc7cbf28df":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"process.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"e30b3573-c58d-4b82-853d-70c1d090d641","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"process.name"},"e30b3573-c58d-4b82-853d-70c1d090d641":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"e7878efe-2181-449d-afd3-771296665829":{"customLabel":true,"dataType":"number","isBucketed":true,"label":"Severity","operationType":"range","params":{"maxBars":"auto","ranges":[{"from":0,"label":"","to":1000}],"type":"histogram"},"scale":"interval","sourceField":"event.severity"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.kind : \"alert\" "},"visualization":{"columns":[{"columnId":"77069155-4e9a-4727-b888-648fed60258e","isTransposed":false},{"alignment":"center","columnId":"e7878efe-2181-449d-afd3-771296665829","isTransposed":false},{"columnId":"738c056c-c4eb-4855-a690-90fa5b9e23f8","isTransposed":false},{"columnId":"02c8c47e-9b96-4384-b467-1fd9cff2b78b","isTransposed":false},{"columnId":"d61f74aa-1899-4881-a2cc-d0dc7cbf28df","isTransposed":false},{"columnId":"6de07e81-5ee7-4885-af47-26b401667757","isTransposed":false},{"columnId":"895abdf3-8c99-4473-a904-b379d478aae1","isTransposed":false},{"columnId":"e30b3573-c58d-4b82-853d-70c1d090d641","hidden":true,"isTransposed":false}],"layerId":"46832f84-f86b-4914-a3ac-aaeda9f09cf7","layerType":"data"}},"title":"Endgame - Alerts Events","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"ca0f3e20-6e48-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-46832f84-f86b-4914-a3ac-aaeda9f09cf7","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,282],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzY5LDE1XQ=="} -{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.kind\",\"params\":{\"query\":\"alert\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.kind\":\"alert\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - Alert Search","version":1},"coreMigrationVersion":"7.16.2","id":"3ab5c280-6f06-11ec-864c-8b5450f97635","migrationVersion":{"search":"7.9.3"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1643385898421,285],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzcwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.16.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":11,\"i\":\"3aa898cc-eaa4-47ea-962f-fd5be8255144\"},\"panelIndex\":\"3aa898cc-eaa4-47ea-962f-fd5be8255144\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame Alerts](https://ENDGAMEHOST/alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_3aa898cc-eaa4-47ea-962f-fd5be8255144\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":0,\"w\":9,\"h\":11,\"i\":\"1ab268d3-b117-4d65-b568-d53af35bebb4\"},\"panelIndex\":\"1ab268d3-b117-4d65-b568-d53af35bebb4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_1ab268d3-b117-4d65-b568-d53af35bebb4\",\"type\":\"lens\",\"id\":\"914d4890-6e46-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1ab268d3-b117-4d65-b568-d53af35bebb4\",\"type\":\"lens\",\"id\":\"914d4890-6e46-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1ab268d3-b117-4d65-b568-d53af35bebb4\",\"type\":\"lens\",\"id\":\"914d4890-6e46-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-842f61f9-afc4-44dc-a6bd-e3cc66a8827b\"}],\"state\":{\"visualization\":{\"layerId\":\"842f61f9-afc4-44dc-a6bd-e3cc66a8827b\",\"accessor\":\"2834ba67-2809-442b-b80b-4b17d3a67d43\",\"layerType\":\"data\"},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"842f61f9-afc4-44dc-a6bd-e3cc66a8827b\":{\"columns\":{\"2834ba67-2809-442b-b80b-4b17d3a67d43\":{\"label\":\" \",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"2834ba67-2809-442b-b80b-4b17d3a67d43\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_1ab268d3-b117-4d65-b568-d53af35bebb4\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":19,\"y\":0,\"w\":29,\"h\":11,\"i\":\"41131702-4832-4ca2-a24c-2418181fa4bb\"},\"panelIndex\":\"41131702-4832-4ca2-a24c-2418181fa4bb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_41131702-4832-4ca2-a24c-2418181fa4bb\",\"type\":\"lens\",\"id\":\"d94cae10-6e46-11ec-864c-8b5450f97635\"},{\"name\":\"panel_41131702-4832-4ca2-a24c-2418181fa4bb\",\"type\":\"lens\",\"id\":\"d94cae10-6e46-11ec-864c-8b5450f97635\"},{\"name\":\"panel_41131702-4832-4ca2-a24c-2418181fa4bb\",\"type\":\"lens\",\"id\":\"d94cae10-6e46-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-0600494b-6f03-450b-8dab-981005aedf32\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar\",\"layers\":[{\"layerId\":\"0600494b-6f03-450b-8dab-981005aedf32\",\"accessors\":[\"34e0e2cc-aab4-4581-9bc4-aba527024007\"],\"position\":\"top\",\"seriesType\":\"bar\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"0f00561d-d6d7-46b2-af59-4ea225a9893a\"}]},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"0600494b-6f03-450b-8dab-981005aedf32\":{\"columns\":{\"0f00561d-d6d7-46b2-af59-4ea225a9893a\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"34e0e2cc-aab4-4581-9bc4-aba527024007\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true}},\"columnOrder\":[\"0f00561d-d6d7-46b2-af59-4ea225a9893a\",\"34e0e2cc-aab4-4581-9bc4-aba527024007\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Alerts Log Count Over Time\",\"panelRefName\":\"panel_41131702-4832-4ca2-a24c-2418181fa4bb\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":11,\"w\":8,\"h\":15,\"i\":\"126f7572-997b-441a-a124-a342a75325d5\"},\"panelIndex\":\"126f7572-997b-441a-a124-a342a75325d5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_126f7572-997b-441a-a124-a342a75325d5\",\"type\":\"lens\",\"id\":\"f376b820-6e47-11ec-864c-8b5450f97635\"},{\"name\":\"panel_126f7572-997b-441a-a124-a342a75325d5\",\"type\":\"lens\",\"id\":\"f376b820-6e47-11ec-864c-8b5450f97635\"},{\"name\":\"panel_126f7572-997b-441a-a124-a342a75325d5\",\"type\":\"lens\",\"id\":\"f376b820-6e47-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-3b6026b4-9c36-4fbc-9f90-bd5580303bea\"}],\"state\":{\"visualization\":{\"layerId\":\"3b6026b4-9c36-4fbc-9f90-bd5580303bea\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721\"},{\"columnId\":\"ff0a89b4-427d-4739-bb83-86794a1f4289\"}]},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"3b6026b4-9c36-4fbc-9f90-bd5580303bea\":{\"columns\":{\"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721\":{\"label\":\"user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ff0a89b4-427d-4739-bb83-86794a1f4289\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"ff0a89b4-427d-4739-bb83-86794a1f4289\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721\",\"ff0a89b4-427d-4739-bb83-86794a1f4289\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Alerts Users\",\"panelRefName\":\"panel_126f7572-997b-441a-a124-a342a75325d5\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":11,\"w\":16,\"h\":15,\"i\":\"146912f3-f4f8-4cc3-9226-6f516dd3c3da\"},\"panelIndex\":\"146912f3-f4f8-4cc3-9226-6f516dd3c3da\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da\",\"type\":\"lens\",\"id\":\"0406add0-6e48-11ec-864c-8b5450f97635\"},{\"name\":\"panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da\",\"type\":\"lens\",\"id\":\"0406add0-6e48-11ec-864c-8b5450f97635\"},{\"name\":\"panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da\",\"type\":\"lens\",\"id\":\"0406add0-6e48-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-9643f560-7a46-408c-b61d-ed2a87fc6103\"}],\"state\":{\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"layers\":[{\"layerId\":\"9643f560-7a46-408c-b61d-ed2a87fc6103\",\"groups\":[\"305b2f21-9981-40d5-a79b-f7a78eea89b4\"],\"metric\":\"3520723b-f0f3-4845-975c-e97380d8124b\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\"}]},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"9643f560-7a46-408c-b61d-ed2a87fc6103\":{\"columns\":{\"305b2f21-9981-40d5-a79b-f7a78eea89b4\":{\"label\":\"process.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3520723b-f0f3-4845-975c-e97380d8124b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"3520723b-f0f3-4845-975c-e97380d8124b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"305b2f21-9981-40d5-a79b-f7a78eea89b4\",\"3520723b-f0f3-4845-975c-e97380d8124b\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"type\":\"lens\"},\"title\":\"Endgame - Alerts Processes\",\"panelRefName\":\"panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":11,\"w\":24,\"h\":15,\"i\":\"7a533f92-16c8-4f34-b31b-8055cce33284\"},\"panelIndex\":\"7a533f92-16c8-4f34-b31b-8055cce33284\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"panelRefName\":\"panel_7a533f92-16c8-4f34-b31b-8055cce33284\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":13,\"i\":\"37330ea4-1070-465d-8356-97f438a273f9\"},\"panelIndex\":\"37330ea4-1070-465d-8356-97f438a273f9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_37330ea4-1070-465d-8356-97f438a273f9\",\"type\":\"lens\",\"id\":\"ca0f3e20-6e48-11ec-864c-8b5450f97635\"},{\"name\":\"panel_37330ea4-1070-465d-8356-97f438a273f9\",\"type\":\"lens\",\"id\":\"ca0f3e20-6e48-11ec-864c-8b5450f97635\"},{\"name\":\"panel_37330ea4-1070-465d-8356-97f438a273f9\",\"type\":\"lens\",\"id\":\"ca0f3e20-6e48-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-46832f84-f86b-4914-a3ac-aaeda9f09cf7\"}],\"state\":{\"visualization\":{\"layerId\":\"46832f84-f86b-4914-a3ac-aaeda9f09cf7\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"77069155-4e9a-4727-b888-648fed60258e\",\"isTransposed\":false},{\"columnId\":\"e7878efe-2181-449d-afd3-771296665829\",\"isTransposed\":false,\"alignment\":\"center\"},{\"isTransposed\":false,\"columnId\":\"738c056c-c4eb-4855-a690-90fa5b9e23f8\"},{\"isTransposed\":false,\"columnId\":\"02c8c47e-9b96-4384-b467-1fd9cff2b78b\"},{\"isTransposed\":false,\"columnId\":\"d61f74aa-1899-4881-a2cc-d0dc7cbf28df\"},{\"isTransposed\":false,\"columnId\":\"6de07e81-5ee7-4885-af47-26b401667757\"},{\"isTransposed\":false,\"columnId\":\"895abdf3-8c99-4473-a904-b379d478aae1\"},{\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\",\"isTransposed\":false,\"hidden\":true}]},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"46832f84-f86b-4914-a3ac-aaeda9f09cf7\":{\"columns\":{\"77069155-4e9a-4727-b888-648fed60258e\":{\"label\":\"event.id (click on + to go to Endgame)\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.id\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"e7878efe-2181-449d-afd3-771296665829\":{\"label\":\"Severity\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"event.severity\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"},\"customLabel\":true},\"738c056c-c4eb-4855-a690-90fa5b9e23f8\":{\"label\":\"Category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.category\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"02c8c47e-9b96-4384-b467-1fd9cff2b78b\":{\"label\":\"process.command_line\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.command_line\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"d61f74aa-1899-4881-a2cc-d0dc7cbf28df\":{\"label\":\"process.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"6de07e81-5ee7-4885-af47-26b401667757\":{\"label\":\"file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"895abdf3-8c99-4473-a904-b379d478aae1\":{\"label\":\"host.domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.domain\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"e30b3573-c58d-4b82-853d-70c1d090d641\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"77069155-4e9a-4727-b888-648fed60258e\",\"e7878efe-2181-449d-afd3-771296665829\",\"738c056c-c4eb-4855-a690-90fa5b9e23f8\",\"02c8c47e-9b96-4384-b467-1fd9cff2b78b\",\"d61f74aa-1899-4881-a2cc-d0dc7cbf28df\",\"6de07e81-5ee7-4885-af47-26b401667757\",\"895abdf3-8c99-4473-a904-b379d478aae1\",\"e30b3573-c58d-4b82-853d-70c1d090d641\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"28bd4c58-580b-4d1c-b65e-3ddef0fee644\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Open event in Endgame\",\"config\":{\"url\":{\"template\":\"https://ENDGAMEHOST/alerts/{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":false}}}]}},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Endgame - Alerts Event\",\"panelRefName\":\"panel_37330ea4-1070-465d-8356-97f438a273f9\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":39,\"w\":48,\"h\":18,\"i\":\"b3f00dae-22f1-4455-a672-087870874671\"},\"panelIndex\":\"b3f00dae-22f1-4455-a672-087870874671\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b3f00dae-22f1-4455-a672-087870874671\"}]","timeRestore":false,"title":"Endgame - Alerts","version":1},"coreMigrationVersion":"7.16.2","id":"0c8e61c0-67fc-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"3aa898cc-eaa4-47ea-962f-fd5be8255144:panel_3aa898cc-eaa4-47ea-962f-fd5be8255144","type":"visualization"},{"id":"914d4890-6e46-11ec-864c-8b5450f97635","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:panel_1ab268d3-b117-4d65-b568-d53af35bebb4","type":"lens"},{"id":"914d4890-6e46-11ec-864c-8b5450f97635","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:panel_1ab268d3-b117-4d65-b568-d53af35bebb4","type":"lens"},{"id":"914d4890-6e46-11ec-864c-8b5450f97635","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:panel_1ab268d3-b117-4d65-b568-d53af35bebb4","type":"lens"},{"id":"914d4890-6e46-11ec-864c-8b5450f97635","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:panel_1ab268d3-b117-4d65-b568-d53af35bebb4","type":"lens"},{"id":"endgame-*","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"1ab268d3-b117-4d65-b568-d53af35bebb4:indexpattern-datasource-layer-842f61f9-afc4-44dc-a6bd-e3cc66a8827b","type":"index-pattern"},{"id":"d94cae10-6e46-11ec-864c-8b5450f97635","name":"41131702-4832-4ca2-a24c-2418181fa4bb:panel_41131702-4832-4ca2-a24c-2418181fa4bb","type":"lens"},{"id":"d94cae10-6e46-11ec-864c-8b5450f97635","name":"41131702-4832-4ca2-a24c-2418181fa4bb:panel_41131702-4832-4ca2-a24c-2418181fa4bb","type":"lens"},{"id":"d94cae10-6e46-11ec-864c-8b5450f97635","name":"41131702-4832-4ca2-a24c-2418181fa4bb:panel_41131702-4832-4ca2-a24c-2418181fa4bb","type":"lens"},{"id":"d94cae10-6e46-11ec-864c-8b5450f97635","name":"41131702-4832-4ca2-a24c-2418181fa4bb:panel_41131702-4832-4ca2-a24c-2418181fa4bb","type":"lens"},{"id":"endgame-*","name":"41131702-4832-4ca2-a24c-2418181fa4bb:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"41131702-4832-4ca2-a24c-2418181fa4bb:indexpattern-datasource-layer-0600494b-6f03-450b-8dab-981005aedf32","type":"index-pattern"},{"id":"f376b820-6e47-11ec-864c-8b5450f97635","name":"126f7572-997b-441a-a124-a342a75325d5:panel_126f7572-997b-441a-a124-a342a75325d5","type":"lens"},{"id":"f376b820-6e47-11ec-864c-8b5450f97635","name":"126f7572-997b-441a-a124-a342a75325d5:panel_126f7572-997b-441a-a124-a342a75325d5","type":"lens"},{"id":"f376b820-6e47-11ec-864c-8b5450f97635","name":"126f7572-997b-441a-a124-a342a75325d5:panel_126f7572-997b-441a-a124-a342a75325d5","type":"lens"},{"id":"f376b820-6e47-11ec-864c-8b5450f97635","name":"126f7572-997b-441a-a124-a342a75325d5:panel_126f7572-997b-441a-a124-a342a75325d5","type":"lens"},{"id":"endgame-*","name":"126f7572-997b-441a-a124-a342a75325d5:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"126f7572-997b-441a-a124-a342a75325d5:indexpattern-datasource-layer-3b6026b4-9c36-4fbc-9f90-bd5580303bea","type":"index-pattern"},{"id":"0406add0-6e48-11ec-864c-8b5450f97635","name":"146912f3-f4f8-4cc3-9226-6f516dd3c3da:panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da","type":"lens"},{"id":"0406add0-6e48-11ec-864c-8b5450f97635","name":"146912f3-f4f8-4cc3-9226-6f516dd3c3da:panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da","type":"lens"},{"id":"0406add0-6e48-11ec-864c-8b5450f97635","name":"146912f3-f4f8-4cc3-9226-6f516dd3c3da:panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da","type":"lens"},{"id":"0406add0-6e48-11ec-864c-8b5450f97635","name":"146912f3-f4f8-4cc3-9226-6f516dd3c3da:panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da","type":"lens"},{"id":"endgame-*","name":"146912f3-f4f8-4cc3-9226-6f516dd3c3da:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"146912f3-f4f8-4cc3-9226-6f516dd3c3da:indexpattern-datasource-layer-9643f560-7a46-408c-b61d-ed2a87fc6103","type":"index-pattern"},{"id":"1fd82420-6e3a-11ec-864c-8b5450f97635","name":"7a533f92-16c8-4f34-b31b-8055cce33284:panel_7a533f92-16c8-4f34-b31b-8055cce33284","type":"lens"},{"id":"ca0f3e20-6e48-11ec-864c-8b5450f97635","name":"37330ea4-1070-465d-8356-97f438a273f9:panel_37330ea4-1070-465d-8356-97f438a273f9","type":"lens"},{"id":"ca0f3e20-6e48-11ec-864c-8b5450f97635","name":"37330ea4-1070-465d-8356-97f438a273f9:panel_37330ea4-1070-465d-8356-97f438a273f9","type":"lens"},{"id":"ca0f3e20-6e48-11ec-864c-8b5450f97635","name":"37330ea4-1070-465d-8356-97f438a273f9:panel_37330ea4-1070-465d-8356-97f438a273f9","type":"lens"},{"id":"ca0f3e20-6e48-11ec-864c-8b5450f97635","name":"37330ea4-1070-465d-8356-97f438a273f9:panel_37330ea4-1070-465d-8356-97f438a273f9","type":"lens"},{"id":"endgame-*","name":"37330ea4-1070-465d-8356-97f438a273f9:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"37330ea4-1070-465d-8356-97f438a273f9:indexpattern-datasource-layer-46832f84-f86b-4914-a3ac-aaeda9f09cf7","type":"index-pattern"},{"id":"3ab5c280-6f06-11ec-864c-8b5450f97635","name":"b3f00dae-22f1-4455-a672-087870874671:panel_b3f00dae-22f1-4455-a672-087870874671","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,320],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzcxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RADIUS - Reply","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RADIUS - Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"radius.reply_message.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"radius.reply_message.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply\"}}]}"},"coreMigrationVersion":"7.16.2","id":"0ca071b0-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,322],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzcyLDE1XQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.module:sysmon\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Sysmon","version":1},"coreMigrationVersion":"7.16.2","id":"6281da80-c780-11ea-bebb-37c5ab5894ea","migrationVersion":{"search":"7.9.3"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,324],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzczLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security Onion - Sysmon Datasets","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Sysmon Datasets\"}"},"coreMigrationVersion":"7.16.2","id":"0caa7df0-c781-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"6281da80-c780-11ea-bebb-37c5ab5894ea","name":"search_0","type":"search"}],"sort":[1643385898421,326],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzc0LDE1XQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:conn\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Connections","version":1},"coreMigrationVersion":"7.16.2","id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"search":"7.9.3"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,328],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzc1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Connections Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date_range\",\"params\":{\"id\":\"date\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}},\"params\":{},\"label\":\"@timestamp date ranges\",\"aggType\":\"date_range\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"7.16.2","id":"34721460-6ebc-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,330],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzc2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"7.16.2","id":"c9121690-6ea0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,332],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzc3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - State","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - State\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"connection.state.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.state.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"State\"}}]}"},"coreMigrationVersion":"7.16.2","id":"23b65290-6ea2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,334],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzc4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Connections - State (Desc)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.state_description.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection State\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Connections - State (Desc)\"}"},"coreMigrationVersion":"7.16.2","id":"dc3f2c10-c6d6-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,336],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzc5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Client Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Client Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Client Bytes\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client Bytes\"}}]}"},"coreMigrationVersion":"7.16.2","id":"98f6e9d0-6ea1-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,338],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzgwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Responder Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Server Bytes\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Bytes\"}}]}"},"coreMigrationVersion":"7.16.2","id":"70565ec0-6ea1-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,340],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzgxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - History","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - History\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.history.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"History\"}}]}"},"coreMigrationVersion":"7.16.2","id":"5414ad60-6ea2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,342],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzgyLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:conn\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"a05b7540-74b1-40db-b1d6-0e151f5bbaba\"},\"panelIndex\":\"a05b7540-74b1-40db-b1d6-0e151f5bbaba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":13,\"h\":9,\"i\":\"78f096e9-6e6b-4144-a63f-3767deab6c8c\"},\"panelIndex\":\"78f096e9-6e6b-4144-a63f-3767deab6c8c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":9,\"i\":\"f24faa4b-0270-44e6-af45-639e2d39c2c3\"},\"panelIndex\":\"f24faa4b-0270-44e6-af45-639e2d39c2c3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":18,\"i\":\"8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756\"},\"panelIndex\":\"8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":11,\"y\":9,\"w\":12,\"h\":18,\"i\":\"5558d00d-f3fd-4051-96a4-384134149228\"},\"panelIndex\":\"5558d00d-f3fd-4051-96a4-384134149228\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":23,\"y\":9,\"w\":13,\"h\":18,\"i\":\"ccdbd90c-299e-4e60-a139-1505f1329071\"},\"panelIndex\":\"ccdbd90c-299e-4e60-a139-1505f1329071\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":18,\"i\":\"d678bf2f-f183-4981-9142-976880029daa\"},\"panelIndex\":\"d678bf2f-f183-4981-9142-976880029daa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":19,\"h\":18,\"i\":\"97f0546b-01c5-41c1-9316-099f2b3c8d91\"},\"panelIndex\":\"97f0546b-01c5-41c1-9316-099f2b3c8d91\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":19,\"y\":27,\"w\":9,\"h\":18,\"i\":\"598bda31-1136-4474-9384-451491a71d23\"},\"panelIndex\":\"598bda31-1136-4474-9384-451491a71d23\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":27,\"w\":9,\"h\":18,\"i\":\"8192def5-399b-4728-8646-edf393b63b7e\"},\"panelIndex\":\"8192def5-399b-4728-8646-edf393b63b7e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":37,\"y\":27,\"w\":11,\"h\":18,\"i\":\"755322ff-13a8-4121-a2db-6322c037e8b3\"},\"panelIndex\":\"755322ff-13a8-4121-a2db-6322c037e8b3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"a03bb16a-9d36-4cad-91a3-256b29489fd7\"},\"panelIndex\":\"a03bb16a-9d36-4cad-91a3-256b29489fd7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"Security Onion - Connections","version":1},"coreMigrationVersion":"7.16.2","id":"0cc628b0-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"34721460-6ebc-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"c9121690-6ea0-11ea-9266-1fd14ca6af34","name":"panel_5","type":"visualization"},{"id":"23b65290-6ea2-11ea-9266-1fd14ca6af34","name":"panel_6","type":"visualization"},{"id":"dc3f2c10-c6d6-11ea-bebb-37c5ab5894ea","name":"panel_7","type":"visualization"},{"id":"98f6e9d0-6ea1-11ea-9266-1fd14ca6af34","name":"panel_8","type":"visualization"},{"id":"70565ec0-6ea1-11ea-9266-1fd14ca6af34","name":"panel_9","type":"visualization"},{"id":"5414ad60-6ea2-11ea-9266-1fd14ca6af34","name":"panel_10","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_11","type":"search"}],"sort":[1643385898421,355],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzgzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category.keyword : \\\"process\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Event.Cat:Process Logs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All Event.Cat:Process Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":42}}}}"},"coreMigrationVersion":"7.16.2","id":"0d0c0750-6348-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,358],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzg0LDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_modbus\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Modbus - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,360],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzg1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Modbus - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"0d168a30-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,362],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzg2LDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_weird\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Weird - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,364],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzg3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"@timestamp per 12 hours\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"Weird - Log Count Over TIme\",\"type\":\"line\"}"},"coreMigrationVersion":"7.16.2","id":"0dbcade0-3642-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,366],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzg4LDE1XQ=="} -{"attributes":{"columns":["alert_level","classification","description"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[{\"meta\":{\"negate\":false,\"key\":\"tags\",\"value\":\"alert\",\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"tags\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query_string\":{\"query\":\"event_type:ossec\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"OSSEC - Alerts","version":1},"coreMigrationVersion":"7.16.2","id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1643385898421,369],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzg5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"4fa0e530-3644-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,371],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzkwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Alert Level (Pie Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Alert Level (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"alert_level.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Alert Level\"}}]}"},"coreMigrationVersion":"7.16.2","id":"69d98570-398b-11e7-84f8-a1f7cef50fcb","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,373],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzkxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG4pcDxQT5EBNmq3pi","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,375],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzkyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Event Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Event Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"description.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Description\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Agent\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"Username\"}}]}"},"coreMigrationVersion":"7.16.2","id":"ee0ba080-4a3d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,377],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzkzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - User to Escalated User (Data Table)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - User to Escalated User (Data Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"escalated_user.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Escalated User\"}}]}"},"coreMigrationVersion":"7.16.2","id":"1de31b40-4a42-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,379],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzk0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Command (Data Table)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Command (Data Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"},"coreMigrationVersion":"7.16.2","id":"9ff34f60-4a42-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,381],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzk1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Process and Username (Data Table)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Process and Username (Data Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Process\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"},"coreMigrationVersion":"7.16.2","id":"447bd2f0-4a43-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,383],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzk2LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"h\":60,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"h\":28,\"i\":\"6\",\"w\":16,\"x\":32,\"y\":8},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"h\":56,\"i\":\"11\",\"w\":48,\"x\":0,\"y\":88},\"panelIndex\":\"11\",\"embeddableConfig\":{\"columns\":[\"alert_level\",\"classification\",\"description\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"h\":8,\"i\":\"12\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"h\":28,\"i\":\"13\",\"w\":24,\"x\":8,\"y\":8},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"h\":24,\"i\":\"14\",\"w\":16,\"x\":32,\"y\":36},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"h\":28,\"i\":\"15\",\"w\":48,\"x\":0,\"y\":60},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"h\":24,\"i\":\"16\",\"w\":24,\"x\":8,\"y\":36},\"panelIndex\":\"16\",\"embeddableConfig\":{\"spy\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"z16.04 - OSSEC Alerts","version":1},"coreMigrationVersion":"7.16.2","id":"0de7a390-3644-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"4fa0e530-3644-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"69d98570-398b-11e7-84f8-a1f7cef50fcb","name":"panel_2","type":"visualization"},{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"panel_3","type":"search"},{"id":"AWDG4pcDxQT5EBNmq3pi","name":"panel_4","type":"visualization"},{"id":"ee0ba080-4a3d-11e8-9b0a-f1d33346f773","name":"panel_5","type":"visualization"},{"id":"1de31b40-4a42-11e8-9b0a-f1d33346f773","name":"panel_6","type":"visualization"},{"id":"9ff34f60-4a42-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"},{"id":"447bd2f0-4a43-11e8-9b0a-f1d33346f773","name":"panel_8","type":"visualization"}],"sort":[1643385898421,393],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzk3LDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_snmp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SNMP - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"b12150a0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,395],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzk4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"0defabb0-36b9-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,397],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzNzk5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security Onion - Alert Data","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Playbook](/kibana/app/dashboards#/view/f449f0a0-c77c-11ea-bebb-37c5ab5894ea) \\n[Suricata](/kibana/app/dashboards#/view/81057f40-7733-11ea-bee5-af7f7c7b8e05) \\n[Wazuh](/kibana/app/dashboards#/view/9480f190-7732-11ea-bee5-af7f7c7b8e05) \\n[Zeek](/kibana/app/dashboards#/view/fa9ed760-7734-11ea-bee5-af7f7c7b8e05) \\n\"},\"title\":\"Security Onion - Alert Data\"}"},"coreMigrationVersion":"7.16.2","id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.14.0"},"references":[],"sort":[1643385898421,398],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODAwLDE1XQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:alert\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Alerts","version":1},"coreMigrationVersion":"7.16.2","id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"search":"7.9.3"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,400],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODAxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Alerts - Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Alerts - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"7.16.2","id":"931cb6f0-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"sort":[1643385898421,402],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODAyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Alerts Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Alerts Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"7.16.2","id":"b419b100-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"sort":[1643385898421,404],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODAzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security Onion - Rule - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Rule - Name\"}"},"coreMigrationVersion":"7.16.2","id":"508fb520-72af-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"sort":[1643385898421,406],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODA0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - Severity","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.severity_label.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"Security Onion - Rule - Severity\"}"},"coreMigrationVersion":"7.16.2","id":"a37b9fa0-72b0-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,408],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODA1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Rule - Category","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - Category\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"}}]}"},"coreMigrationVersion":"7.16.2","id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"sort":[1643385898421,410],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODA2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Destination Ports","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Destination Ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"7.16.2","id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,412],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODA3LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset: alert\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Low & Medium Severity\",\"disabled\":true,\"key\":\"event.severity\",\"negate\":false,\"params\":{\"gte\":1,\"lt\":3},\"type\":\"range\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"range\":{\"event.severity\":{\"gte\":1,\"lt\":3}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"High & Critical Severity\",\"disabled\":true,\"key\":\"event.severity\",\"negate\":false,\"params\":{\"gte\":3,\"lt\":5},\"type\":\"range\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"range\":{\"event.severity\":{\"gte\":3,\"lt\":5}}}]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":8,\"i\":\"c2ddba4b-b0a1-4204-b952-fdc8073dd3c6\"},\"panelIndex\":\"c2ddba4b-b0a1-4204-b952-fdc8073dd3c6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":10,\"y\":0,\"w\":13,\"h\":8,\"i\":\"5a22818d-a0f7-4b39-978f-bee1e4280a54\"},\"panelIndex\":\"5a22818d-a0f7-4b39-978f-bee1e4280a54\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":8,\"i\":\"41a7c313-2dc3-4563-8545-a55f57af532c\"},\"panelIndex\":\"41a7c313-2dc3-4563-8545-a55f57af532c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":29,\"h\":19,\"i\":\"7f00befc-4315-45d2-b686-fa99db9fb79c\"},\"panelIndex\":\"7f00befc-4315-45d2-b686-fa99db9fb79c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":8,\"w\":19,\"h\":19,\"i\":\"1fa5c765-6991-4ece-a6a4-cdb6f2d35553\"},\"panelIndex\":\"1fa5c765-6991-4ece-a6a4-cdb6f2d35553\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":19,\"h\":18,\"i\":\"eee74597-fa74-4bf6-9c71-429bfe4c3ecd\"},\"panelIndex\":\"eee74597-fa74-4bf6-9c71-429bfe4c3ecd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":19,\"y\":27,\"w\":10,\"h\":18,\"i\":\"fa0e8955-a837-400c-abcb-43394471b39d\"},\"panelIndex\":\"fa0e8955-a837-400c-abcb-43394471b39d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":27,\"w\":10,\"h\":18,\"i\":\"b60abef8-9b1e-4bae-ac3f-d7eb5a230430\"},\"panelIndex\":\"b60abef8-9b1e-4bae-ac3f-d7eb5a230430\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":39,\"y\":27,\"w\":9,\"h\":18,\"i\":\"799598a4-39de-455d-bc39-409466b8b119\"},\"panelIndex\":\"799598a4-39de-455d-bc39-409466b8b119\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"a801f4a1-b678-47f2-9602-9c46e65533ca\"},\"panelIndex\":\"a801f4a1-b678-47f2-9602-9c46e65533ca\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - Alerts","version":1},"coreMigrationVersion":"7.16.2","id":"0e4af1d0-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"931cb6f0-72ae-11ea-8dd2-9d8795a1200b","name":"panel_1","type":"visualization"},{"id":"b419b100-72ae-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"a37b9fa0-72b0-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_9","type":"search"}],"sort":[1643385898421,425],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODA4LDE1XQ=="} -{"attributes":{"columns":["event_type","source_ip","source_port","destination_ip","destination_port","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:sysmon\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Sysmon - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,427],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODA5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_hostname.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Hostname\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_hostname.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Hostname\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"0eb1fd80-6d70-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,429],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODEwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Kerberos Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Kerberos Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"kerberos.client.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"coreMigrationVersion":"7.16.2","id":"0ecc7310-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,431],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODExLDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"All Logs","version":1},"coreMigrationVersion":"7.16.2","id":"aa05e920-3433-11e7-8867-29a39c0f86b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,433],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODEyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sensors/Devices - Total Number of Logs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sensors/Devices - Total Number of Logs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor/Device\"}}]}"},"coreMigrationVersion":"7.16.2","id":"0f25aac0-3434-11e7-8867-29a39c0f86b2","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1643385898421,435],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODEzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - Direction","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Direction\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.direction.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.direction.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Direction\"}}]}"},"coreMigrationVersion":"7.16.2","id":"104a4a90-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,437],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODE0LDE1XQ=="} -{"attributes":{"columns":["source_ip","destination_ip","message_types","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dhcp\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DHCP - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,439],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODE1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DHCP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"coreMigrationVersion":"7.16.2","id":"1055ada0-3655-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,441],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODE2LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"9629c970-29fd-421c-a46a-0bf72171818e":{"columnOrder":["398df44e-6553-4353-b8eb-a2d6c9f83dac"],"columns":{"398df44e-6553-4353-b8eb-a2d6c9f83dac":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.category.keyword : \"registry\" "},"visualization":{"accessor":"398df44e-6553-4353-b8eb-a2d6c9f83dac","layerId":"9629c970-29fd-421c-a46a-0bf72171818e","layerType":"data"}},"title":"Endgame - All Event.Cat:Registry Logs","visualizationType":"lnsMetric"},"coreMigrationVersion":"7.16.2","id":"10af1a20-6cc9-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-9629c970-29fd-421c-a46a-0bf72171818e","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,445],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODE3LDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dce_rpc\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DCE/RPC - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,447],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODE4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"10b8a610-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,449],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODE5LDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_radius\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"RADIUS - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"75545310-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,451],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODIwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - MAC","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mac.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"10cd7190-3809-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,453],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODIxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Sum of Total Bytes ( Tile Map)","uiStateJSON":"{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}","version":1,"visState":"{\"title\":\"Connections - Source - Sum of Total Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"1156b1e0-46c7-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,455],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODIyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Logstash - Processing Performance","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Logstash - Processing Performance\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":75,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Log Type\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Average processing time\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"4\",\"label\":\"Standard Deviation of logstash_time\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\",\"customLabel\":\"Average processing time\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_type.keyword\",\"size\":20,\"orderAgg\":{\"id\":\"2-orderAgg\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"orderAgg\",\"params\":{\"field\":\"logstash_time\"}},\"order\":\"desc\",\"orderBy\":\"custom\",\"customLabel\":\"Log Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"std_dev\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"f86bc870-46ce-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1643385898421,457],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODIzLDE1XQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"tags:_grokparsefailure OR tags:_csvparsefailure OR tags:_rubyexception\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Errors","version":1},"coreMigrationVersion":"7.16.2","id":"ef487fd0-46cf-11e7-ba56-317a6969f55c","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,459],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODI0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Logstash - Error Type (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Logstash - Error Type (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tags.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"exclude\":\"\",\"include\":\"_csvparsefailure|_grokparsefailure|_rubyexception\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"3a273780-46d0-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"ef487fd0-46cf-11e7-ba56-317a6969f55c","name":"search_0","type":"search"}],"sort":[1643385898421,461],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODI1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Avg Processing Time","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Avg Processing Time\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHIynExQT5EBNmq49q","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,463],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODI2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Median Processing TIme","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Median Processing TIme\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"median\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\",\"percents\":[50]}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHJY1BxQT5EBNmq5Ay","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,465],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODI3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Max Processing Time","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Max Processing Time\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHJpuBxQT5EBNmq5Cr","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,467],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODI4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"tags:_grokparsefailure OR tags:_csvparsefailure OR tags:_rubyexception\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Error Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Error Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHKEF2xQT5EBNmq5FA","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,469],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODI5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Sensors/Devices and Services","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sensors/Devices and Services\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sensor_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}"},"coreMigrationVersion":"7.16.2","id":"d8214de0-4a3a-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,471],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODMwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":12,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":28,\"x\":8,\"y\":36,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":64,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":64,\"x\":0,\"y\":0,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":64,\"x\":0,\"y\":88,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":12,\"x\":8,\"y\":0,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":12,\"x\":16,\"y\":0,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":12,\"x\":24,\"y\":0,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":12,\"x\":32,\"y\":0,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":28,\"h\":28,\"x\":20,\"y\":36,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"z16.04 - Stats","version":1},"coreMigrationVersion":"7.16.2","id":"130017f0-46ce-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"f86bc870-46ce-11e7-946f-1bfb1be7c36b","name":"panel_0","type":"visualization"},{"id":"0f25aac0-3434-11e7-8867-29a39c0f86b2","name":"panel_1","type":"visualization"},{"id":"3a273780-46d0-11e7-946f-1bfb1be7c36b","name":"panel_2","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_3","type":"visualization"},{"id":"ef487fd0-46cf-11e7-ba56-317a6969f55c","name":"panel_4","type":"search"},{"id":"AWDHIynExQT5EBNmq49q","name":"panel_5","type":"visualization"},{"id":"AWDHJY1BxQT5EBNmq5Ay","name":"panel_6","type":"visualization"},{"id":"AWDHJpuBxQT5EBNmq5Cr","name":"panel_7","type":"visualization"},{"id":"AWDHKEF2xQT5EBNmq5FA","name":"panel_8","type":"visualization"},{"id":"d8214de0-4a3a-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"}],"sort":[1643385898421,482],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODMxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Destination - Sum of Total Bytes ( Tile Map)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Destination - Sum of Total Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"1342e630-4632-11e7-9903-85f789353078","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,484],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODMyLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"9f5d45b0-a078-4f86-b1f0-8e375d4ad641":{"columnOrder":["b67d303e-9a64-468a-9297-60ee2bb030cf","8fdfcdad-b05c-410d-a776-3e8ac8a74dc2"],"columns":{"8fdfcdad-b05c-410d-a776-3e8ac8a74dc2":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"b67d303e-9a64-468a-9297-60ee2bb030cf":{"dataType":"string","isBucketed":true,"label":"Top values of endgame.event_subtype_full","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"8fdfcdad-b05c-410d-a776-3e8ac8a74dc2","type":"column"},"orderDirection":"desc","otherBucket":true,"size":6},"scale":"ordinal","sourceField":"endgame.event_subtype_full"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["b67d303e-9a64-468a-9297-60ee2bb030cf"],"layerId":"9f5d45b0-a078-4f86-b1f0-8e375d4ad641","layerType":"data","legendDisplay":"show","metric":"8fdfcdad-b05c-410d-a776-3e8ac8a74dc2","nestedLegend":false,"numberDisplay":"percent"}],"shape":"donut"}},"title":"Endgame - Event Category Pie Chart","visualizationType":"lnsPie"},"coreMigrationVersion":"7.16.2","id":"137cda90-6a20-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-9f5d45b0-a078-4f86-b1f0-8e375d4ad641","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,488],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODMzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Response Code Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.response.code_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Response Code Name\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - DNS - Response Code Name\"}"},"coreMigrationVersion":"7.16.2","id":"13cda410-c770-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,490],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODM0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User\"}}]}"},"coreMigrationVersion":"7.16.2","id":"13ed0810-6d72-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,492],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODM1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Connection State","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Connection State\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection_state_description.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection State Description\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"13fe29c0-3b17-11e7-b871-5f76306b9694","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,494],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODM2LDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_rfb\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"RFB - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"8ba53710-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,496],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODM3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Exclusive Session (Donut Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"RFB - Exclusive Session (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"share_flag.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"14274040-371f-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,498],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODM4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Agents","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Agents\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"agent.type.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"agent.version.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Version\"}}]}"},"coreMigrationVersion":"7.16.2","id":"14ed9540-6ed7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,500],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODM5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Key Length (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Key Length (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Key Length\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"certificate_key_length\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Key Length\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"150f7280-6e37-11e7-a8d6-ed2e692de531","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,502],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODQwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - Description","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"7.16.2","id":"1563f380-7737-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,504],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODQxLDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"(event_type:bro_smb_mapping OR event_type:bro_smb_files)\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SMB - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"19849f30-3aab-11e7-8b17-0d8709b02c80","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,506],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODQyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"15b4e7a0-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,508],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODQzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Server Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Server Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Server Address\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.address.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Address\"}}]}"},"coreMigrationVersion":"7.16.2","id":"15fa3b30-7375-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,510],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODQ0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"178209e0-6e1b-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,512],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODQ1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Destination Port","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Destination Port\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"19dfd180-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,514],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODQ2LDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event_type:ids\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"NIDS - Alerts","version":1},"coreMigrationVersion":"7.16.2","id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,516],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODQ3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Drilldown - Alert Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS - Drilldown - Alert Title\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":12}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"schema\":\"metric\",\"params\":{\"field\":\"alert.keyword\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"}}]}"},"coreMigrationVersion":"7.16.2","id":"1b3faca0-e064-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,518],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODQ4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Source IP Address","uiStateJSON":"{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"1b837b00-364e-11e7-9dc3-d35061cb642d","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,520],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODQ5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Total Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Total Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"1c2aeb50-365e-11e7-b896-5bdd6bfa1561","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1643385898421,522],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODUwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.service.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.16.2","id":"1c6567b0-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,524],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODUxLDE1XQ=="} -{"attributes":{"columns":["entry","entry_location","image_path","hostname","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:autoruns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Autoruns - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"dd700830-6d69-11e7-ad64-15aa071374a6","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,526],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODUyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Profile","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Profile\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"profile.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Profile\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"1cd6a970-6d79-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,528],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODUzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Log Count Over Time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"ElastAlert - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"969e4820-7dce-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,530],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODU0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Alert Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Alert Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert_info.type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"f7998d60-7dce-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,532],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODU1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Rule","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Rule\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule_name\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Rule\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"5e1dc100-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,534],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODU2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.source.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"8ec77cb0-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,536],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODU3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.destination.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"a26faee0-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,538],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODU4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"ce25b750-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,540],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODU5LDE1XQ=="} -{"attributes":{"columns":["rule_name","matches","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"ElastAlert","version":1},"coreMigrationVersion":"7.16.2","id":"e8840d40-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,542],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODYwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Elastalert - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Elastalert - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG7DVRxQT5EBNmq3zM","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,544],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODYxLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":48,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"columns\":[\"rule_name\",\"matches\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"},\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"z16.04 - ElastAlert","version":1},"coreMigrationVersion":"7.16.2","id":"1d98d620-7dce-11e7-846a-150cdcaf3374","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"969e4820-7dce-11e7-a1a2-3be6827d22ce","name":"panel_1","type":"visualization"},{"id":"f7998d60-7dce-11e7-a1a2-3be6827d22ce","name":"panel_2","type":"visualization"},{"id":"5e1dc100-7dcf-11e7-a1a2-3be6827d22ce","name":"panel_3","type":"visualization"},{"id":"8ec77cb0-7dcf-11e7-a1a2-3be6827d22ce","name":"panel_4","type":"visualization"},{"id":"a26faee0-7dcf-11e7-a1a2-3be6827d22ce","name":"panel_5","type":"visualization"},{"id":"ce25b750-7dcf-11e7-a1a2-3be6827d22ce","name":"panel_6","type":"visualization"},{"id":"e8840d40-7dcf-11e7-a1a2-3be6827d22ce","name":"panel_7","type":"search"},{"id":"AWDG7DVRxQT5EBNmq3zM","name":"panel_8","type":"visualization"}],"sort":[1643385898421,554],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODYyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"1ecdd2e0-34c0-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,556],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODYzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Method (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Method (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"method.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"1ef5c230-6e24-11e7-a261-55504638cf3b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,558],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODY0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Command/Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Command/Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.command.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.argument.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.command.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.argument.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Argument\"}}]}"},"coreMigrationVersion":"7.16.2","id":"1f306f60-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,560],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODY1LDE1XQ=="} -{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame","version":1},"coreMigrationVersion":"7.16.2","id":"20c85b70-53aa-11ec-b3ef-6bcc33056a36","migrationVersion":{"search":"7.9.3"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,562],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODY2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"20eabd60-380b-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,564],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODY3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNP3 - FC Reply","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - DNP3 - FC Reply\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dnp3.fc_reply.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"FC Reply\"}}]}"},"coreMigrationVersion":"7.16.2","id":"214793c0-75b9-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,566],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODY4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Destination Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"21d090d0-365b-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,568],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODY5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Response Code (Name)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Response Code (Name)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rcode_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code (Name)\"}}]}"},"coreMigrationVersion":"7.16.2","id":"22f7de30-4949-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,570],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODcwLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"7d4edcbb-fca9-47d9-93df-acba6aaf6f58":{"columnOrder":["42bc4d8f-a628-4d50-96ac-b186a03aee07","0601e3c4-200d-4b97-adec-7f6a16209269","92a4b279-4a18-4513-a75c-52dcf79a6801"],"columns":{"0601e3c4-200d-4b97-adec-7f6a16209269":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"42bc4d8f-a628-4d50-96ac-b186a03aee07":{"dataType":"string","isBucketed":true,"label":"Top values of event.action","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"92a4b279-4a18-4513-a75c-52dcf79a6801","type":"column"},"orderDirection":"desc","otherBucket":true,"size":10},"scale":"ordinal","sourceField":"event.action"},"92a4b279-4a18-4513-a75c-52dcf79a6801":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"network"},"type":"phrase"},"query":{"match_phrase":{"event.category":"network"}}}],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["92a4b279-4a18-4513-a75c-52dcf79a6801"],"layerId":"7d4edcbb-fca9-47d9-93df-acba6aaf6f58","layerType":"data","seriesType":"bar_stacked","splitAccessor":"42bc4d8f-a628-4d50-96ac-b186a03aee07","xAccessor":"0601e3c4-200d-4b97-adec-7f6a16209269"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"Endgame - Network Category Graph","visualizationType":"lnsXY"},"coreMigrationVersion":"7.16.2","id":"22ffcc70-6322-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-7d4edcbb-fca9-47d9-93df-acba6aaf6f58","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,575],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODcxLDE1XQ=="} -{"attributes":{"columns":["source_ip","destination_ip","destination_port","resp_fuids","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_http\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"HTTP - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"fad7d170-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,577],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODcyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"37f19e40-34c6-11e7-8360-0b86c90983fd","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,579],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODczLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Sites","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Sites\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"8ba31820-34c6-11e7-8360-0b86c90983fd","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,581],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODc0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"\\\"application/x-dosexec\\\"\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"HTTP - Sites Hosting EXEs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Sites Hosting EXEs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"7153e7f0-34c7-11e7-8360-0b86c90983fd","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,583],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODc1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - URIs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - URIs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"uri.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"aa7abb00-34e3-11e7-9669-7f1d3242b798","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,585],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODc2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"ae1f1fb0-3648-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,587],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODc3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"d0f56da0-3648-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,589],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODc4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"useragent.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"ae591c20-4164-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,591],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODc5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Referrer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Referrer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"referrer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"2a7c21d0-4165-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,593],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODgwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - MIME Type (Tag Cloud)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - MIME Type (Tag Cloud)\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":14,\"maxFontSize\":40,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"resp_mime_types.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"934fe550-6e08-11e7-9370-174c4785d3e1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,595],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODgxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"HTTP - Destination Port (Vertical Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - Destination Port (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75,\"filter\":true},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}"},"coreMigrationVersion":"7.16.2","id":"3f4abb40-6e0a-11e7-84cc-b363f104b3c7","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,597],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODgyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"HTTP - Destination Country (Vertical Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - Destination Country (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}"},"coreMigrationVersion":"7.16.2","id":"e41a0bd0-6e0a-11e7-84cc-b363f104b3c7","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,599],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODgzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"HTTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG97t7xQT5EBNmq4E1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,601],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODg0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"HTTP - Status and Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"HTTP - Status and Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Status Message\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"method.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}]}"},"coreMigrationVersion":"7.16.2","id":"66faa650-4c99-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,603],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODg1LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":52,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":88,\"w\":48,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":112,\"w\":48,\"h\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":136,\"w\":48,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":216,\"w\":48,\"h\":36,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"resp_fuids\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":52,\"w\":24,\"h\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":52,\"w\":24,\"h\":24,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":188,\"w\":48,\"h\":28,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":160,\"w\":48,\"h\":28,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":76,\"w\":48,\"h\":12,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"vis\":{\"colors\":{\"Count\":\"#629E51\"}},\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":28,\"w\":40,\"h\":24,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"}]","timeRestore":false,"title":"z16.04 - Bro - HTTP","version":1},"coreMigrationVersion":"7.16.2","id":"230134a0-34c6-11e7-8360-0b86c90983fd","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"37f19e40-34c6-11e7-8360-0b86c90983fd","name":"panel_1","type":"visualization"},{"id":"8ba31820-34c6-11e7-8360-0b86c90983fd","name":"panel_2","type":"visualization"},{"id":"7153e7f0-34c7-11e7-8360-0b86c90983fd","name":"panel_3","type":"visualization"},{"id":"aa7abb00-34e3-11e7-9669-7f1d3242b798","name":"panel_4","type":"visualization"},{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"panel_5","type":"search"},{"id":"ae1f1fb0-3648-11e7-bf60-314364dd1cde","name":"panel_6","type":"visualization"},{"id":"d0f56da0-3648-11e7-bf60-314364dd1cde","name":"panel_7","type":"visualization"},{"id":"ae591c20-4164-11e7-9850-b78558d0ac17","name":"panel_8","type":"visualization"},{"id":"2a7c21d0-4165-11e7-9850-b78558d0ac17","name":"panel_9","type":"visualization"},{"id":"934fe550-6e08-11e7-9370-174c4785d3e1","name":"panel_10","type":"visualization"},{"id":"3f4abb40-6e0a-11e7-84cc-b363f104b3c7","name":"panel_11","type":"visualization"},{"id":"e41a0bd0-6e0a-11e7-84cc-b363f104b3c7","name":"panel_12","type":"visualization"},{"id":"AWDG97t7xQT5EBNmq4E1","name":"panel_13","type":"visualization"},{"id":"66faa650-4c99-11e8-9b0a-f1d33346f773","name":"panel_14","type":"visualization"}],"sort":[1643385898421,619],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODg2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Validation Status","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Validation Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"validation_status.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"23d22bd0-70b4-11e7-810e-2bafe9e41c10","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,621],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODg3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"title":"Connections - Bytes and Duration","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Bytes and Duration\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Top Total Bytes](/kibana/app/dashboards#/view/a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b) \\n[Source - Originator Bytes](/kibana/app/dashboards#/view/68f738e0-46ca-11e7-946f-1bfb1be7c36b) | [Destination - Responder Bytes](/kibana/app/dashboards#/view/b65775e0-46cb-11e7-946f-1bfb1be7c36b) \\n[Source - Sum of Total Bytes](/kibana/app/dashboards#/view/f042ad60-46c6-11e7-946f-1bfb1be7c36b) | [Destination - Sum of Total Bytes](/kibana/app/dashboards#/view/ccfcc540-4638-11e7-a82e-d97152153689) \\n[Source - Top Connection Duration](/kibana/app/dashboards#/view/4e108070-46c7-11e7-946f-1bfb1be7c36b) | [Destination - Top Connection Duration](/kibana/app/dashboards#/view/ea211360-46c4-11e7-a82e-d97152153689)\",\"fontSize\":12,\"openLinksInNewTab\":false},\"aggs\":[]}"},"coreMigrationVersion":"7.16.2","id":"25ce6eb0-463b-11e7-a82e-d97152153689","migrationVersion":{"visualization":"7.14.0"},"references":[],"sort":[1643385898421,622],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODg4LDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_tunnels\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Tunnels - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"d26d5510-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,624],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODg5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Destination Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Tunnels - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"26457730-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,626],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODkwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RFB - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"265a04d0-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,628],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODkxLDE1XQ=="} -{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_syslog\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Syslog (Bro) - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,630],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODkyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category.keyword : \\\"process\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Event.Cat:Process Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - Event.Cat:Process Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"coreMigrationVersion":"7.16.2","id":"269cd740-634c-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,633],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODkzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.method.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"coreMigrationVersion":"7.16.2","id":"272b8ab0-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,635],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODk0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Bro - Connections - Service By Destination Country","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Bro - Connections - Service By Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\",\"row\":false}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}"},"coreMigrationVersion":"7.16.2","id":"277f3250-4161-11e7-8493-51634b0a4565","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,637],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODk1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RADIUS - Result","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - RADIUS - Result\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"radius.result.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}"},"coreMigrationVersion":"7.16.2","id":"27ab8260-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,639],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODk2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp_argument.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"e1907430-35b6-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,641],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODk3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Reply Message","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Reply Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"reply_message.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reply Message\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"adcd38e0-3679-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,643],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODk4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"FTP - Reply Code","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"FTP - Reply Code\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"reply_code.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"a0cb0860-367a-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,645],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzODk5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"cf9e5660-367a-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,647],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTAwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Destination Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"f1d3d070-367a-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,649],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTAxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Username","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"FTP - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"f9904390-3bff-11e7-be35-e7fc4052ff75","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,651],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTAyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"eead8540-6e14-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,653],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTAzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"FTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG9sT_xQT5EBNmq4DI","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,655],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTA0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"FTP - Command","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp_command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}"},"coreMigrationVersion":"7.16.2","id":"d5681260-4c8c-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,657],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTA1LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":20,\"y\":8,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":32,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":56,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":56,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":32,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"fuid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":8,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"z16.04 - Bro - FTP","version":1},"coreMigrationVersion":"7.16.2","id":"27f3b380-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"06f21d60-35b6-11e7-a994-c528746bc6e8","name":"panel_1","type":"visualization"},{"id":"e1907430-35b6-11e7-a994-c528746bc6e8","name":"panel_2","type":"visualization"},{"id":"adcd38e0-3679-11e7-8c78-e3086faf385c","name":"panel_3","type":"visualization"},{"id":"a0cb0860-367a-11e7-8c78-e3086faf385c","name":"panel_4","type":"visualization"},{"id":"cf9e5660-367a-11e7-8c78-e3086faf385c","name":"panel_5","type":"visualization"},{"id":"f1d3d070-367a-11e7-8c78-e3086faf385c","name":"panel_6","type":"visualization"},{"id":"f9904390-3bff-11e7-be35-e7fc4052ff75","name":"panel_7","type":"visualization"},{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"panel_8","type":"search"},{"id":"eead8540-6e14-11e7-8624-1fb07dd76c6a","name":"panel_9","type":"visualization"},{"id":"AWDG9sT_xQT5EBNmq4DI","name":"panel_10","type":"visualization"},{"id":"d5681260-4c8c-11e8-9b0a-f1d33346f773","name":"panel_11","type":"visualization"}],"sort":[1643385898421,670],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTA2LDE1XQ=="} -{"attributes":{"columns":["alert_level","classification","description"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"event_type:ossec\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"OSSEC - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,672],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTA3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"OSSEC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"2817b300-3643-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","name":"search_0","type":"search"}],"sort":[1643385898421,674],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTA4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - PE - Machine","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.machine.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Machine\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - PE - Machine\"}"},"coreMigrationVersion":"7.16.2","id":"282bf2c0-c763-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,676],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTA5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - Key Type (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"x509.certificate.key.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.basic_constraints.ca: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"Security Onion - X.509 - Key Type (Donut)\"}"},"coreMigrationVersion":"7.16.2","id":"2895c940-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,678],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTEwLDE1XQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:http\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - HTTP","version":1},"coreMigrationVersion":"7.16.2","id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","migrationVersion":{"search":"7.9.3"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,680],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTExLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Virtual Host","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Virtual Host\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.virtual_host.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Virtual Host\"}}]}"},"coreMigrationVersion":"7.16.2","id":"28bf2ef0-6eb7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,682],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTEyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top Source IPs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top Source IPs\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"28c27f80-3b05-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,684],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTEzLDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","request_type","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_kerberos\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Kerberos - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"452daa10-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,686],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTE0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"28d04080-3636-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,688],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTE1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"CLient\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"coreMigrationVersion":"7.16.2","id":"292b1db0-75ea-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,690],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTE2LDE1XQ=="} -{"attributes":{"columns":["file_ip","destination_ip","source","uid","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type:bro_files\"}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Files - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,692],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTE3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FIles - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FIles - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"295d7ed0-3656-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,694],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTE4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Target Filename","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Target Filename\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"target_filename.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Filename\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"29611940-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,696],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTE5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source Country","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Source Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"296823d0-366f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,698],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTIwLDE1XQ=="} -{"attributes":{"columns":["action","reason","source_ip","source_port","destination_ip","destination_port","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:firewall\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Firewall - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"37c16940-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,700],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTIxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Action/Reason (Vertical Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Action/Reason (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Action\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"reason.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reason\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"2a1eb100-6d82-11e7-bcd4-0d514e0e7da1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,702],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTIyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SNMP - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"version.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"2a3ae810-36ba-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,704],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTIzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Lease Time","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Lease Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dhcp.lease_time: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.lease_time\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Lease Time\"}}]}"},"coreMigrationVersion":"7.16.2","id":"2af5f980-96e2-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,706],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTI0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Client/Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Client/Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"2bbdc020-6e34-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,708],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTI1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category : \\\"registry\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Registry Events","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - Registry Events\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.hostname\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":7,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"hostname\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"registry.key\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"registry key\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"registry.value\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"value\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"coreMigrationVersion":"7.16.2","id":"2cb579d0-64bd-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,711],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTI2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Files - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Files - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"6571ee10-3584-11e7-a588-05992195c551","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,713],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTI3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Files - Files By Size (Bytes)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Files - Files By Size (Bytes)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"seen_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Bytes Seen\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"cb3f3850-3585-11e7-8f28-2b291d0f6d86","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,715],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTI4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FIles - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FIles - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_ip.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"67ab33d0-3656-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,717],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTI5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Files - MIME Type (Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Files - MIME Type (Bar Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":75,\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"MIME Type\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mimetype.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}]}"},"coreMigrationVersion":"7.16.2","id":"8c57f3d0-3674-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,719],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTMwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FIles - MIME Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FIles - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mimetype.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"aa021c90-3678-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,721],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTMxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Files - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Files - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG9goqxQT5EBNmq4BP","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,723],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTMyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Files - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Files - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}"},"coreMigrationVersion":"7.16.2","id":"dff32860-4c8b-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,725],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTMzLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"file_ip\",\"destination_ip\",\"source\",\"uid\",\"fuid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":48,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"z16.04 - Bro - Files","version":1},"coreMigrationVersion":"7.16.2","id":"2d315d80-3582-11e7-98ef-19df58fe538b","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"6571ee10-3584-11e7-a588-05992195c551","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"cb3f3850-3585-11e7-8f28-2b291d0f6d86","name":"panel_3","type":"visualization"},{"id":"295d7ed0-3656-11e7-baa7-b7de4ee40605","name":"panel_4","type":"visualization"},{"id":"67ab33d0-3656-11e7-baa7-b7de4ee40605","name":"panel_5","type":"visualization"},{"id":"8c57f3d0-3674-11e7-8c78-e3086faf385c","name":"panel_6","type":"visualization"},{"id":"aa021c90-3678-11e7-8c78-e3086faf385c","name":"panel_7","type":"visualization"},{"id":"AWDG9goqxQT5EBNmq4BP","name":"panel_8","type":"visualization"},{"id":"dff32860-4c8b-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"}],"sort":[1643385898421,736],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTM0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Kerberos - Request Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Kerberos - Request Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.request_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request Type\"}}]}"},"coreMigrationVersion":"7.16.2","id":"2d73e460-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,738],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTM1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"2da139c0-34e7-11e7-9118-45bd317f0ca4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,740],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTM2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SIP - Content Type (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Content Type (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"content_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"2db47070-3754-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,742],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTM3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - X.509 - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"coreMigrationVersion":"7.16.2","id":"e3fb39a0-75ee-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,744],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTM4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - SAN DNS","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - X.509 - SAN DNS\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.san_dns.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.san_dns.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SAN DNS\"}}]}"},"coreMigrationVersion":"7.16.2","id":"47f40770-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,746],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTM5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - Issuer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - X.509 - Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.certificate.issuer.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.issuer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Issuer\"}}]}"},"coreMigrationVersion":"7.16.2","id":"b7334c00-75ee-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,748],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTQwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X509 - Key Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.key.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Key Type\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - X509 - Key Type\"}"},"coreMigrationVersion":"7.16.2","id":"8d4a9990-c77c-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,750],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTQxLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:x509\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":8,\"i\":\"2d374b61-ac4b-4f89-aec2-254ab0a2e011\"},\"panelIndex\":\"2d374b61-ac4b-4f89-aec2-254ab0a2e011\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":8,\"i\":\"7372042e-3e70-4764-abb1-0c4c9288ff23\"},\"panelIndex\":\"7372042e-3e70-4764-abb1-0c4c9288ff23\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"eee8c3b6-66eb-4427-99ed-459c294599c7\"},\"panelIndex\":\"eee8c3b6-66eb-4427-99ed-459c294599c7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":30,\"h\":22,\"i\":\"3c5d4fc3-bad7-435e-aadc-21de562b638d\"},\"panelIndex\":\"3c5d4fc3-bad7-435e-aadc-21de562b638d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":22,\"i\":\"3fb3ec30-312a-45aa-93be-b8955615bf71\"},\"panelIndex\":\"3fb3ec30-312a-45aa-93be-b8955615bf71\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":30,\"w\":30,\"h\":21,\"i\":\"0a395978-b95f-4bfc-82fa-737307cd8ebd\"},\"panelIndex\":\"0a395978-b95f-4bfc-82fa-737307cd8ebd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":30,\"w\":18,\"h\":21,\"i\":\"e6e39ec1-063a-4e34-a909-4f47397fa79b\"},\"panelIndex\":\"e6e39ec1-063a-4e34-a909-4f47397fa79b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":51,\"w\":48,\"h\":29,\"i\":\"3fa098f8-4a37-410e-a8f5-fd3667865c3f\"},\"panelIndex\":\"3fa098f8-4a37-410e-a8f5-fd3667865c3f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - X509","version":1},"coreMigrationVersion":"7.16.2","id":"2e0865f0-75ee-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"e3fb39a0-75ee-11ea-9565-7315f4ee5cac","name":"panel_3","type":"visualization"},{"id":"47f40770-75ef-11ea-9565-7315f4ee5cac","name":"panel_4","type":"visualization"},{"id":"b7334c00-75ee-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"8d4a9990-c77c-11ea-bebb-37c5ab5894ea","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1643385898421,759],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTQyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Cookie","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.cookie.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.cookie.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Cookie\"}}]}"},"coreMigrationVersion":"7.16.2","id":"2e7363f0-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,761],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTQzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Entry","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Entry\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"entry.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Entry\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"entry_location.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Entry Location\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"2ef9ccd0-6d7a-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,763],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTQ0LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"d3d228ff-cc82-48f3-948f-6dad9c1d9208":{"columnOrder":["fb32a3f2-725e-4068-abde-754d39d98a5c","0b079a50-9c2b-47f9-b075-b982490e923c","0b079a50-9c2b-47f9-b075-b982490e923cX0"],"columns":{"0b079a50-9c2b-47f9-b075-b982490e923c":{"dataType":"number","isBucketed":false,"label":"count()","operationType":"formula","params":{"formula":"count()","isFormulaBroken":false},"references":["0b079a50-9c2b-47f9-b075-b982490e923cX0"],"scale":"ratio"},"0b079a50-9c2b-47f9-b075-b982490e923cX0":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Part of count()","operationType":"count","scale":"ratio","sourceField":"Records"},"fb32a3f2-725e-4068-abde-754d39d98a5c":{"dataType":"string","isBucketed":true,"label":"Top values of event.type","operationType":"terms","params":{"missingBucket":false,"orderBy":{"fallback":true,"type":"alphabetical"},"orderDirection":"asc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"event.type"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"network"},"type":"phrase"},"query":{"match_phrase":{"event.category":"network"}}}],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["fb32a3f2-725e-4068-abde-754d39d98a5c"],"layerId":"d3d228ff-cc82-48f3-948f-6dad9c1d9208","layerType":"data","legendDisplay":"show","metric":"0b079a50-9c2b-47f9-b075-b982490e923c","nestedLegend":false,"numberDisplay":"percent"}],"palette":{"name":"default","type":"palette"},"shape":"donut"}},"title":"Endgame - Network Type Chart","visualizationType":"lnsPie"},"coreMigrationVersion":"7.16.2","id":"2f20b2c0-6323-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-d3d228ff-cc82-48f3-948f-6dad9c1d9208","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,768],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTQ1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Change Stats","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"osquery - Change Stats\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"osquery.hostIdentifier.keyword\",\"customLabel\":\"Endpoints\"}}]}"},"coreMigrationVersion":"7.16.2","id":"2f556c90-14e3-11e9-82f7-0da02d93a48b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"search_0","type":"search"}],"sort":[1643385898421,770],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTQ2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"coreMigrationVersion":"7.16.2","id":"2f7966b0-53a4-11ec-b3ef-6bcc33056a36","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,773],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTQ3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:files\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - Analyzer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - Analyzer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.analyzer.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.analyzer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Analyzer\"}}]}"},"coreMigrationVersion":"7.16.2","id":"2fc4bea0-7730-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,775],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTQ4LDE1XQ=="} -{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dnp3\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DNP3 - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"c2587840-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,777],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTQ5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNP3 - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"593f1850-3581-11e7-98ef-19df58fe538b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,779],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTUwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"dde8c8a0-3719-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,781],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTUxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"ef7546c0-3719-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,783],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTUyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"4898f230-6e0e-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,785],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTUzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DNP3 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG9DWvxQT5EBNmq3-m","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,787],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTU0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNP3 - Function Request","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Function Request\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"fc_request.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request\"}}]}"},"coreMigrationVersion":"7.16.2","id":"857c6760-4a4d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,789],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTU1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNP3 - Function Reply","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Function Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"fc_reply.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reply\"}}]}"},"coreMigrationVersion":"7.16.2","id":"bd5435f0-4a4d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,791],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTU2LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":12,\"h\":24,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":20,\"y\":32,\"w\":12,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":32,\"w\":16,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"z16.04 - Bro - DNP3","version":1},"coreMigrationVersion":"7.16.2","id":"2fdf5bf0-3581-11e7-98ef-19df58fe538b","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"593f1850-3581-11e7-98ef-19df58fe538b","name":"panel_1","type":"visualization"},{"id":"dde8c8a0-3719-11e7-90f8-87842d5eedc9","name":"panel_2","type":"visualization"},{"id":"ef7546c0-3719-11e7-90f8-87842d5eedc9","name":"panel_3","type":"visualization"},{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"4898f230-6e0e-11e7-8624-1fb07dd76c6a","name":"panel_5","type":"visualization"},{"id":"AWDG9DWvxQT5EBNmq3-m","name":"panel_6","type":"visualization"},{"id":"857c6760-4a4d-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"},{"id":"bd5435f0-4a4d-11e8-9b0a-f1d33346f773","name":"panel_8","type":"visualization"}],"sort":[1643385898421,801],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTU3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Intel - Seen (Donut Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"Intel - Seen (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"seen_where.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Seen (Where)\"}}]}"},"coreMigrationVersion":"7.16.2","id":"3013af40-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,803],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTU4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RADIUS - Authentication Result","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"RADIUS - Authentication Result\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"result.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"30348db0-4a5b-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,805],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTU5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - File/Path Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"path.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"action.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"306c4330-4175-11e7-a0f7-47f4c03e3306","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,807],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTYwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_hostname.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}]}"},"coreMigrationVersion":"7.16.2","id":"3072c750-6d71-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,809],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTYxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security Onion - Navigation","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Navigation\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Event Category** \\n[Alert](/kibana/app/dashboards#/view/0e4af1d0-72ae-11ea-8dd2-9d8795a1200b) | \\n[File](/kibana/app/dashboards#/view/0245be10-6ec1-11ea-9266-1fd14ca6af34) |\\n[Host](/kibana/app/dashboards#/view/92e63cc0-6ec0-11ea-9266-1fd14ca6af34) | [Network](/kibana/app/dashboards#/view/04ff3ef0-6ea4-11ea-9266-1fd14ca6af34) \"},\"aggs\":[]}"},"coreMigrationVersion":"7.16.2","id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[],"sort":[1643385898421,810],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTYyLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"*\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":9,\"h\":8,\"i\":\"c706b8e5-9d49-4700-a3ea-26e86ac3a4c4\"},\"panelIndex\":\"c706b8e5-9d49-4700-a3ea-26e86ac3a4c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":0,\"w\":16,\"h\":8,\"i\":\"77c5d557-83e4-40b9-9177-388db29d711d\"},\"panelIndex\":\"77c5d557-83e4-40b9-9177-388db29d711d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":8,\"i\":\"f044ff9c-455a-4085-88c8-92e9ead2bba0\"},\"panelIndex\":\"f044ff9c-455a-4085-88c8-92e9ead2bba0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"54873f75-4452-4938-840d-3a2f50547a88\"},\"panelIndex\":\"54873f75-4452-4938-840d-3a2f50547a88\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":8,\"w\":13,\"h\":19,\"i\":\"30749cb6-18ad-4069-b18d-5912086fff9c\"},\"panelIndex\":\"30749cb6-18ad-4069-b18d-5912086fff9c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":8,\"w\":13,\"h\":19,\"i\":\"7c498d50-d009-493a-a8c9-c91303ad5556\"},\"panelIndex\":\"7c498d50-d009-493a-a8c9-c91303ad5556\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":19,\"i\":\"2f69e716-e6e9-4595-801d-8f59b7d2c574\"},\"panelIndex\":\"2f69e716-e6e9-4595-801d-8f59b7d2c574\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":31,\"i\":\"6ddfd0a2-337e-47d1-8d4c-bc386a4210af\"},\"panelIndex\":\"6ddfd0a2-337e-47d1-8d4c-bc386a4210af\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Indicator","version":1},"coreMigrationVersion":"7.16.2","id":"30d0ac90-729f-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1643385898421,819],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTYzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"},"coreMigrationVersion":"7.16.2","id":"30e97190-6eb6-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,821],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTY0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"312cd460-364e-11e7-9dc3-d35061cb642d","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,823],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTY1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Server Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.server_major_version.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.server_major_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.server_minor_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Minor Version\"}}]}"},"coreMigrationVersion":"7.16.2","id":"316e90a0-75c8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,825],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTY2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DHCP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"coreMigrationVersion":"7.16.2","id":"317f8410-3655-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,827],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTY3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"31f5e040-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,829],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTY4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security Onion - Host Data","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Osquery](/kibana/app/dashboards#/view/bf7cf8d0-7732-11ea-bee5-af7f7c7b8e05) \\n[Sysmon](/kibana/app/dashboards#/view/32f01e80-c780-11ea-bebb-37c5ab5894ea) \\n[Wazuh](/kibana/app/dashboards#/view/9480f190-7732-11ea-bee5-af7f7c7b8e05) \\n\"},\"title\":\"Security Onion - Host Data\"}"},"coreMigrationVersion":"7.16.2","id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[],"sort":[1643385898421,830],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTY5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Username\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Username\"}"},"coreMigrationVersion":"7.16.2","id":"767c89f0-af4c-11ea-b262-353d451b125b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,832],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTcwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Process CLI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Host - Process CLI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"process.command_line.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.command_line.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Line\"}}]}"},"coreMigrationVersion":"7.16.2","id":"758187b0-72bd-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,834],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTcxLDE1XQ=="} -{"attributes":{"columns":["host.name","event.module","event.dataset","process.command_line","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.category:host \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Security Onion - Host Logs","version":1},"coreMigrationVersion":"7.16.2","id":"a866be10-0e45-11eb-a255-e1e8e85e3571","migrationVersion":{"search":"7.9.3"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,836],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTcyLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.module:sysmon\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"7f9eaa30-b358-4027-a312-249defe273c4\"},\"panelIndex\":\"7f9eaa30-b358-4027-a312-249defe273c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":7,\"i\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\"},\"panelIndex\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":7,\"i\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\"},\"panelIndex\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":7,\"w\":12,\"h\":16,\"i\":\"a49b6a25-fbb1-45bb-9585-c6ade0fced1f\"},\"panelIndex\":\"a49b6a25-fbb1-45bb-9585-c6ade0fced1f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":12,\"y\":7,\"w\":12,\"h\":16,\"i\":\"0172c75f-b90b-4bd6-852f-0852a2ace598\"},\"panelIndex\":\"0172c75f-b90b-4bd6-852f-0852a2ace598\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":7,\"w\":24,\"h\":16,\"i\":\"1d246882-3945-4a7e-b602-15ccf3f09310\"},\"panelIndex\":\"1d246882-3945-4a7e-b602-15ccf3f09310\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":48,\"h\":31,\"i\":\"48739737-ef82-4533-9a8e-f9fe0f615b05\"},\"panelIndex\":\"48739737-ef82-4533-9a8e-f9fe0f615b05\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - Sysmon","version":1},"coreMigrationVersion":"7.16.2","id":"32f01e80-c780-11ea-bebb-37c5ab5894ea","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"767c89f0-af4c-11ea-b262-353d451b125b","name":"panel_4","type":"visualization"},{"id":"758187b0-72bd-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"a866be10-0e45-11eb-a255-e1e8e85e3571","name":"panel_6","type":"search"}],"sort":[1643385898421,844],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTczLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Query Type Name (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - DNS - Query Type Name (Donut)\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dns.query.type_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true}}"},"coreMigrationVersion":"7.16.2","id":"336dbde0-88aa-11eb-9841-852c8cc8a2e8","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,846],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTc0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Tunnels - Action (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Tunnels - Action (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}}]}"},"coreMigrationVersion":"7.16.2","id":"33b39a60-6e35-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,848],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTc1LDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_irc\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"IRC - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"344c6010-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,850],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTc2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Severity (Horizontal Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false},\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Severity (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"Severity\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"severity.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Severity\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"346e5c30-76b7-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1643385898421,852],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTc3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - Share Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - Share Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.share_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.16.2","id":"34762420-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,854],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTc4LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0":{"columnOrder":["b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e"],"columns":{"b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"file"},"type":"phrase"},"query":{"match_phrase":{"event.category":"file"}}}],"query":{"language":"kuery","query":"event.category.keyword : \"file\""},"visualization":{"accessor":"b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e","layerId":"265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0","layerType":"data"}},"title":"Endgame - File All Logs","visualizationType":"lnsMetric"},"coreMigrationVersion":"7.16.2","id":"3505d400-6d6d-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,859],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTc5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Intel - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"361d0bd0-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,861],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTgwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Message Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.message_types.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message Type\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - DHCP - Message Type\"}"},"coreMigrationVersion":"7.16.2","id":"36200e40-c76b-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,863],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTgxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Changes by Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"osquery - Changes by Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Change Type\"}}]}"},"coreMigrationVersion":"7.16.2","id":"369e16e0-14e4-11e9-82f7-0da02d93a48b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"search_0","type":"search"}],"sort":[1643385898421,865],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTgyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Certificate Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"3753e110-365a-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,867],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTgzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - IRC - Command Info","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - IRC - Command Info\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.command.info.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"irc.command.info.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Info\"}}]}"},"coreMigrationVersion":"7.16.2","id":"db279540-75bb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,869],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTg0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - User Command Overview","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - User Command Overview\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.nickname.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Command Type\",\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.username.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.username.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.nickname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.command.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Type\"}}]}"},"coreMigrationVersion":"7.16.2","id":"f7ee5fb0-75bb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,871],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTg1LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:irc\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"2d2b4444-14c0-4812-a22e-ca6d509a0c7f\"},\"panelIndex\":\"2d2b4444-14c0-4812-a22e-ca6d509a0c7f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"0035e7f6-2c85-494d-88aa-0f6ebc21f6c8\"},\"panelIndex\":\"0035e7f6-2c85-494d-88aa-0f6ebc21f6c8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"147c5d40-556b-4b41-a1bb-ed0976fae0c8\"},\"panelIndex\":\"147c5d40-556b-4b41-a1bb-ed0976fae0c8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":19,\"i\":\"9a9084a5-0f74-4bdd-befd-b9bece56ea53\"},\"panelIndex\":\"9a9084a5-0f74-4bdd-befd-b9bece56ea53\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":9,\"h\":19,\"i\":\"9ffba622-36f6-4343-b0a3-1c59e3f6d297\"},\"panelIndex\":\"9ffba622-36f6-4343-b0a3-1c59e3f6d297\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":17,\"y\":8,\"w\":15,\"h\":19,\"i\":\"f0f0af04-4f81-437a-ada5-173a1ef8bd11\"},\"panelIndex\":\"f0f0af04-4f81-437a-ada5-173a1ef8bd11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":19,\"i\":\"3dab7339-3266-4127-86f3-eef2108d5dbf\"},\"panelIndex\":\"3dab7339-3266-4127-86f3-eef2108d5dbf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":47,\"h\":29,\"i\":\"f5bae4c6-d940-4a76-ba9c-3d5c5ab6849e\"},\"panelIndex\":\"f5bae4c6-d940-4a76-ba9c-3d5c5ab6849e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - IRC","version":1},"coreMigrationVersion":"7.16.2","id":"38523560-75ba-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"db279540-75bb-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"f7ee5fb0-75bb-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1643385898421,880],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTg2LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"d1d0219a-3c5d-4c24-943c-dafe00421b26":{"columnOrder":["e3d97be9-0be4-484c-96d1-4a0a448d0cc5","caaf881d-e6f4-42fd-a4a1-4f31bac99ae1","01d1bced-438c-4d43-8656-c0ccc397b73a","32e4e9b9-39d0-4f61-827b-d04b53c6963d","7351d5b7-3a5e-425e-ae08-c2ba2f5fb4b2"],"columns":{"01d1bced-438c-4d43-8656-c0ccc397b73a":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"process.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"7351d5b7-3a5e-425e-ae08-c2ba2f5fb4b2","type":"column"},"orderDirection":"desc","otherBucket":true,"size":10},"scale":"ordinal","sourceField":"process.name"},"32e4e9b9-39d0-4f61-827b-d04b53c6963d":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"user.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"7351d5b7-3a5e-425e-ae08-c2ba2f5fb4b2","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"user.name"},"7351d5b7-3a5e-425e-ae08-c2ba2f5fb4b2":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Total network.bytes","operationType":"sum","scale":"ratio","sourceField":"network.bytes"},"caaf881d-e6f4-42fd-a4a1-4f31bac99ae1":{"customLabel":true,"dataType":"ip","isBucketed":true,"label":"destination.ip","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"7351d5b7-3a5e-425e-ae08-c2ba2f5fb4b2","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"destination.ip"},"e3d97be9-0be4-484c-96d1-4a0a448d0cc5":{"customLabel":true,"dataType":"ip","isBucketed":true,"label":"source.ip","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"7351d5b7-3a5e-425e-ae08-c2ba2f5fb4b2","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"source.ip"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"network"},"type":"phrase"},"query":{"match_phrase":{"event.category":"network"}}}],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"01d1bced-438c-4d43-8656-c0ccc397b73a","isTransposed":false},{"columnId":"32e4e9b9-39d0-4f61-827b-d04b53c6963d","isTransposed":false},{"columnId":"7351d5b7-3a5e-425e-ae08-c2ba2f5fb4b2","isTransposed":false},{"columnId":"e3d97be9-0be4-484c-96d1-4a0a448d0cc5","isTransposed":false},{"columnId":"caaf881d-e6f4-42fd-a4a1-4f31bac99ae1","isTransposed":false}],"layerId":"d1d0219a-3c5d-4c24-943c-dafe00421b26","layerType":"data"}},"title":"Endgame - Network Traffic","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"38c95ae0-6e4d-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-d1d0219a-3c5d-4c24-943c-dafe00421b26","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,885],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTg3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Alert Summary - Drilldown","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Alert Summary - Drilldown\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}"},"coreMigrationVersion":"7.16.2","id":"3a1b54b0-e061-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,887],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTg4LDE1XQ=="} -{"attributes":{"columns":["message"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:ossec_archive\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"OSSEC - Archive","version":1},"coreMigrationVersion":"7.16.2","id":"ebf74e90-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,889],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTg5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"OSSEC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHHXl3xQT5EBNmq42U","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","name":"search_0","type":"search"}],"sort":[1643385898421,891],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTkwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"alert_level\",\"classification\",\"description\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":48,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"columns\":[\"message\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"z16.04 - OSSEC","version":1},"coreMigrationVersion":"7.16.2","id":"3a457d70-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"2817b300-3643-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","name":"panel_2","type":"search"},{"id":"ebf74e90-342f-11e7-9e93-53b62e1857b2","name":"panel_3","type":"search"},{"id":"AWDHHXl3xQT5EBNmq42U","name":"panel_4","type":"visualization"}],"sort":[1643385898421,897],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTkxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Log Count Over Time Stacked Bar Graph","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All Log Count Over Time Stacked Bar Graph\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"row\":true}}"},"coreMigrationVersion":"7.16.2","id":"3ae34620-6258-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,900],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTkyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Response","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Response\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.response.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.16.2","id":"3af496e0-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,902],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTkzLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"9643f560-7a46-408c-b61d-ed2a87fc6103":{"columnOrder":["305b2f21-9981-40d5-a79b-f7a78eea89b4","3520723b-f0f3-4845-975c-e97380d8124b"],"columns":{"305b2f21-9981-40d5-a79b-f7a78eea89b4":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"process.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"3520723b-f0f3-4845-975c-e97380d8124b","type":"column"},"orderDirection":"desc","otherBucket":true,"size":20},"scale":"ordinal","sourceField":"process.name"},"3520723b-f0f3-4845-975c-e97380d8124b":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.kind : \"alert\" "},"visualization":{"layers":[{"categoryDisplay":"default","groups":["305b2f21-9981-40d5-a79b-f7a78eea89b4"],"layerId":"9643f560-7a46-408c-b61d-ed2a87fc6103","layerType":"data","legendDisplay":"default","metric":"3520723b-f0f3-4845-975c-e97380d8124b","nestedLegend":false,"numberDisplay":"percent"}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"treemap"}},"title":"Endgame - Alerted Processes","visualizationType":"lnsPie"},"coreMigrationVersion":"7.16.2","id":"3b3e2860-6cc1-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-9643f560-7a46-408c-b61d-ed2a87fc6103","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,906],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTk0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Hosts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - Hosts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"coreMigrationVersion":"7.16.2","id":"3b50b220-53ab-11ec-b3ef-6bcc33056a36","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,908],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTk1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Image","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Sysmon - Image\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"None\",\"exclude\":\"\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"parent_image_path.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"None\",\"exclude\":\"\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Parent Image\"}}]}"},"coreMigrationVersion":"7.16.2","id":"3b6c92c0-6d72-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,910],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTk2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Priority (Vertical bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Syslog - Priority (Vertical bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Priority\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"syslog-priority.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Priority\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"3bf1fdc0-76e6-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"sort":[1643385898421,912],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTk3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"IRC - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"7.16.2","id":"3c073d20-6e17-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,914],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTk4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Modbus - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}]}"},"coreMigrationVersion":"7.16.2","id":"3c65f500-380b-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,916],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzEzOTk5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Tunnels - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"3cdf2400-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,918],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDAwLDE1XQ=="} -{"attributes":{"description":null,"state":{"datasourceStates":{"indexpattern":{"layers":{"ada16f03-98be-4005-a5de-c8d6ab2f41b0":{"columnOrder":["c6cd0d5c-dbcb-47e3-9849-af365d083036","b8110029-a497-4182-982f-dc8a78dc672d","ae6e4640-cf44-48dd-9d9d-8849ed9af262"],"columns":{"ae6e4640-cf44-48dd-9d9d-8849ed9af262":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"b8110029-a497-4182-982f-dc8a78dc672d":{"dataType":"string","isBucketed":true,"label":"Top values of event.module.keyword","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"ae6e4640-cf44-48dd-9d9d-8849ed9af262","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"event.module.keyword"},"c6cd0d5c-dbcb-47e3-9849-af365d083036":{"dataType":"string","isBucketed":true,"label":"Top values of event.category.keyword","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"ae6e4640-cf44-48dd-9d9d-8849ed9af262","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"event.category.keyword"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["c6cd0d5c-dbcb-47e3-9849-af365d083036","b8110029-a497-4182-982f-dc8a78dc672d"],"layerId":"ada16f03-98be-4005-a5de-c8d6ab2f41b0","layerType":"data","legendDisplay":"default","metric":"ae6e4640-cf44-48dd-9d9d-8849ed9af262","nestedLegend":true,"numberDisplay":"percent","percentDecimals":2}],"palette":{"name":"status","type":"palette"},"shape":"pie"}},"title":"Security Onion - Data Overview (Lens)","visualizationType":"lnsPie"},"coreMigrationVersion":"7.16.2","id":"3e1a8260-8809-11eb-9841-852c8cc8a2e8","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"indexpattern-datasource-layer-ada16f03-98be-4005-a5de-c8d6ab2f41b0","type":"index-pattern"}],"sort":[1643385898421,921],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDAxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.action.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.16.2","id":"3e6037d0-75f2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,923],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDAyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"7.16.2","id":"3f040620-4a44-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,925],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDAzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"3f34faa0-3636-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,927],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDA0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Agent - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Agent - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"7.16.2","id":"407784f0-7738-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,929],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDA1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Source IP","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top 10 - Total Bytes By Source IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}}]}"},"coreMigrationVersion":"7.16.2","id":"41a33c80-3b0d-11e7-a6f9-5d3fe735ec2b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,931],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDA2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"X.509 - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"41bee360-3642-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,933],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDA3LDE1XQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:creation_date AND creation_date:[now-3M TO now]\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DNS - Domains with creation date < 3 months","version":1},"coreMigrationVersion":"7.16.2","id":"fce833e0-6f12-11e7-86c8-a1b6db3b051a","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,935],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDA4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Baby Domain Requests","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Baby Domain Requests\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"creation_date\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"41ec0ca0-6f13-11e7-86c8-a1b6db3b051a","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"fce833e0-6f12-11e7-86c8-a1b6db3b051a","name":"search_0","type":"search"}],"sort":[1643385898421,937],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDA5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SNMP - Community String","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"snmp.community.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"snmp.community.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Community String\"}}]}"},"coreMigrationVersion":"7.16.2","id":"424ace90-75e9-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,939],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDEwLDE1XQ=="} -{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"process\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"process\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - Process Search","version":1},"coreMigrationVersion":"7.16.2","id":"424d7a60-6f0b-11ec-864c-8b5450f97635","migrationVersion":{"search":"7.9.3"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1643385898421,942],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDExLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"10863c78-73fc-4739-88ea-b6e3419da4db":{"columnOrder":["e472c6a1-d786-43f7-95f0-df55a990e268","4e101a7c-04a5-4ab9-96c5-ef10fc92547b"],"columns":{"4e101a7c-04a5-4ab9-96c5-ef10fc92547b":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"e472c6a1-d786-43f7-95f0-df55a990e268":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"file"},"type":"phrase"},"query":{"match_phrase":{"event.category":"file"}}}],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["4e101a7c-04a5-4ab9-96c5-ef10fc92547b"],"layerId":"10863c78-73fc-4739-88ea-b6e3419da4db","layerType":"data","position":"top","seriesType":"line","showGridlines":false,"xAccessor":"e472c6a1-d786-43f7-95f0-df55a990e268"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"line","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"Endgame - File Log Count Over Time","visualizationType":"lnsXY"},"coreMigrationVersion":"7.16.2","id":"42a22c30-6d6d-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-10863c78-73fc-4739-88ea-b6e3419da4db","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,947],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDEyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"endpoint.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"operation.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"named_pipe.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}]}"},"coreMigrationVersion":"7.16.2","id":"42b17660-4a47-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,949],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDEzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Log Count Over Time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Syslog - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 10 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"79a2a4e0-76e5-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"sort":[1643385898421,951],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDE0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Syslog - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-sourceip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"coreMigrationVersion":"7.16.2","id":"e7a99b10-76e5-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"sort":[1643385898421,953],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDE1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Syslog - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHKVLMxQT5EBNmq5HX","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"sort":[1643385898421,955],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDE2LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":60,\"x\":0,\"y\":48,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"syslog-host_from\",\"syslog-priority\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"z16.04 - Syslog","version":1},"coreMigrationVersion":"7.16.2","id":"4323af90-76e5-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"79a2a4e0-76e5-11e7-ab14-e1a4c1bc11e0","name":"panel_1","type":"visualization"},{"id":"e7a99b10-76e5-11e7-ab14-e1a4c1bc11e0","name":"panel_2","type":"visualization"},{"id":"0a2ce700-76e6-11e7-ab14-e1a4c1bc11e0","name":"panel_3","type":"visualization"},{"id":"3bf1fdc0-76e6-11e7-ab14-e1a4c1bc11e0","name":"panel_4","type":"visualization"},{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"panel_5","type":"search"},{"id":"AWDHKVLMxQT5EBNmq5HX","name":"panel_6","type":"visualization"}],"sort":[1643385898421,963],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDE3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Tunnels - Type (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Tunnels - Type (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tunnel_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"43b2b040-3807-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,965],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDE4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Key Algorithm (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"X.509 - Certificate Key Algorithm (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"certificate_key_algorithm.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Algorithm\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"446e85c0-6e37-11e7-a8d6-ed2e692de531","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,967],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDE5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Least Common HTTP Methods","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Least Common HTTP Methods\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":13,\"maxFontSize\":39,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.method.keyword\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.16.2","id":"6411e5b0-6eb2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,969],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDIwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"coreMigrationVersion":"7.16.2","id":"6d0fb2b0-6eb6-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,971],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDIxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"coreMigrationVersion":"7.16.2","id":"51ad64d0-6eb7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,973],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDIyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - UserAgent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - UserAgent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.useragent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"UserAgent\"}}]}"},"coreMigrationVersion":"7.16.2","id":"c2f93f40-6ed7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,975],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDIzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - URI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"http.uri.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URI\"}}]}"},"coreMigrationVersion":"7.16.2","id":"f22e8660-6eb6-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,977],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDI0LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:http\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"6e3caf86-a1ea-4363-9c73-205de5f43ba9\"},\"panelIndex\":\"6e3caf86-a1ea-4363-9c73-205de5f43ba9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"0b0546ef-637b-4a40-b87b-a454b78cc810\"},\"panelIndex\":\"0b0546ef-637b-4a40-b87b-a454b78cc810\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"9c49b93a-5b5d-4613-8342-c01c69970bce\"},\"panelIndex\":\"9c49b93a-5b5d-4613-8342-c01c69970bce\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":18,\"i\":\"15d7c88b-1619-4290-8968-fa2adfddd72f\"},\"panelIndex\":\"15d7c88b-1619-4290-8968-fa2adfddd72f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":18,\"i\":\"d1219968-6b7f-4040-9c75-0611b9cbf8a0\"},\"panelIndex\":\"d1219968-6b7f-4040-9c75-0611b9cbf8a0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":9,\"w\":9,\"h\":18,\"i\":\"377e3099-7aec-474c-9201-2f1845c58d24\"},\"panelIndex\":\"377e3099-7aec-474c-9201-2f1845c58d24\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":9,\"w\":23,\"h\":18,\"i\":\"1b444602-2f1c-4c32-85fc-1e5f46235303\"},\"panelIndex\":\"1b444602-2f1c-4c32-85fc-1e5f46235303\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":11,\"h\":18,\"i\":\"9b1df72c-b6fd-4abd-a961-32176c26cc3d\"},\"panelIndex\":\"9b1df72c-b6fd-4abd-a961-32176c26cc3d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":11,\"y\":27,\"w\":10,\"h\":18,\"i\":\"52c3ab70-9b8d-4c26-953d-f1a943fdff38\"},\"panelIndex\":\"52c3ab70-9b8d-4c26-953d-f1a943fdff38\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":21,\"y\":27,\"w\":27,\"h\":18,\"i\":\"ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2\"},\"panelIndex\":\"ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"17d41692-eb81-4c13-aaa3-2a4bccc125df\"},\"panelIndex\":\"17d41692-eb81-4c13-aaa3-2a4bccc125df\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - HTTP","version":1},"coreMigrationVersion":"7.16.2","id":"44e9c820-6eb1-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"6411e5b0-6eb2-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6d0fb2b0-6eb6-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"30e97190-6eb6-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"51ad64d0-6eb7-11ea-9266-1fd14ca6af34","name":"panel_5","type":"visualization"},{"id":"c2f93f40-6ed7-11ea-9266-1fd14ca6af34","name":"panel_6","type":"visualization"},{"id":"088aad70-7377-11ea-a3da-cbdb4f8a90c0","name":"panel_7","type":"visualization"},{"id":"28bf2ef0-6eb7-11ea-9266-1fd14ca6af34","name":"panel_8","type":"visualization"},{"id":"f22e8660-6eb6-11ea-9266-1fd14ca6af34","name":"panel_9","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_10","type":"search"}],"sort":[1643385898421,989],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDI1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Modbus - Function","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"function.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Function\"}}]}"},"coreMigrationVersion":"7.16.2","id":"453f8b90-4a58-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,991],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDI2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Category","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS Alerts - Category\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Category\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"category.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Category\"}}]}"},"coreMigrationVersion":"7.16.2","id":"45464b50-3af6-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,993],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDI3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Query Class (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Query Class (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"query_class_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Class\"}}]}"},"coreMigrationVersion":"7.16.2","id":"45a652b0-34c1-11e7-917c-af7a9d11771a","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,995],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDI4LDE1XQ=="} -{"attributes":{"columns":["message","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_pe\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"PE - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"66288140-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,997],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDI5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"PE - OS (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"PE - OS (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"os.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"45c4ae10-380c-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,999],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDMwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.server.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.server.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}}]}"},"coreMigrationVersion":"7.16.2","id":"46221fe0-75ea-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1001],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDMxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DCE/RPC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"cbb67b00-3af2-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,1003],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDMyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"f52f8bc0-3af2-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,1005],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDMzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Endpoint","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"endpoint.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"553acbb0-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,1007],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDM0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Named Pipe","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Named Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"named_pipe.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"6b7122d0-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,1009],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDM1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Operation","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"operation.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"86107960-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,1011],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDM2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Round Trip Time","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Round Trip Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rtt\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Round Trip Time\"}}]}"},"coreMigrationVersion":"7.16.2","id":"f275f490-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,1013],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDM3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG8k4OxQT5EBNmq37a","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,1015],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDM4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"7.16.2","id":"d979b0f0-4a45-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,1017],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDM5LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":104,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":80,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":8,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":80,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"z16.04 - Bro - DCE/RPC","version":1},"coreMigrationVersion":"7.16.2","id":"46582d50-3af2-11e7-a83b-b1b4da7d15f4","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"panel_0","type":"search"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"cbb67b00-3af2-11e7-a83b-b1b4da7d15f4","name":"panel_2","type":"visualization"},{"id":"f52f8bc0-3af2-11e7-a83b-b1b4da7d15f4","name":"panel_3","type":"visualization"},{"id":"10b8a610-3af3-11e7-a83b-b1b4da7d15f4","name":"panel_4","type":"visualization"},{"id":"553acbb0-3af3-11e7-a83b-b1b4da7d15f4","name":"panel_5","type":"visualization"},{"id":"6b7122d0-3af3-11e7-a83b-b1b4da7d15f4","name":"panel_6","type":"visualization"},{"id":"86107960-3af3-11e7-a83b-b1b4da7d15f4","name":"panel_7","type":"visualization"},{"id":"f275f490-3af3-11e7-a83b-b1b4da7d15f4","name":"panel_8","type":"visualization"},{"id":"AWDG8k4OxQT5EBNmq37a","name":"panel_9","type":"visualization"},{"id":"d979b0f0-4a45-11e8-9b0a-f1d33346f773","name":"panel_10","type":"visualization"},{"id":"42b17660-4a47-11e8-9b0a-f1d33346f773","name":"panel_11","type":"visualization"}],"sort":[1643385898421,1030],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDQwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sources.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"613de590-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1032],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDQxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"a5571030-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1034],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDQyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"ba2d3b10-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1036],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDQzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Indicator","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Indicator\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"indicator.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Indicator\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"6380b430-399c-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1038],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDQ0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - MIME Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mimetype.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"af614b80-399c-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1040],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDQ1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Matched","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Matched\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"matched.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type Matched\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"c8540380-399c-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1042],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDQ2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"a5bcec80-6e15-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1044],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDQ3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Intel - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG-Qf8xQT5EBNmq4G5","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1046],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDQ4LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":72,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":28,\"h\":24,\"x\":20,\"y\":48,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":0,\"y\":48,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"fuid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":72,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"z16.04 - Bro - Intel","version":1},"coreMigrationVersion":"7.16.2","id":"468022c0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"361d0bd0-35b7-11e7-a994-c528746bc6e8","name":"panel_1","type":"visualization"},{"id":"3013af40-399b-11e7-8472-0151e5b2b475","name":"panel_2","type":"visualization"},{"id":"613de590-399b-11e7-8472-0151e5b2b475","name":"panel_3","type":"visualization"},{"id":"a5571030-399b-11e7-8472-0151e5b2b475","name":"panel_4","type":"visualization"},{"id":"ba2d3b10-399b-11e7-8472-0151e5b2b475","name":"panel_5","type":"visualization"},{"id":"6380b430-399c-11e7-8472-0151e5b2b475","name":"panel_6","type":"visualization"},{"id":"af614b80-399c-11e7-8472-0151e5b2b475","name":"panel_7","type":"visualization"},{"id":"c8540380-399c-11e7-8472-0151e5b2b475","name":"panel_8","type":"visualization"},{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"panel_9","type":"search"},{"id":"a5bcec80-6e15-11e7-8624-1fb07dd76c6a","name":"panel_10","type":"visualization"},{"id":"07622d60-6e16-11e7-8624-1fb07dd76c6a","name":"panel_11","type":"visualization"},{"id":"AWDG-Qf8xQT5EBNmq4G5","name":"panel_12","type":"visualization"}],"sort":[1643385898421,1060],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDQ5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Category","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Autoruns - Category\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"title\":{\"text\":\"Category\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"category.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Category\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"482be9b0-6d78-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1062],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDUwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Kerberos - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Kerberos - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"kerberos.service.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.service.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"coreMigrationVersion":"7.16.2","id":"48331f00-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1064],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDUxLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"860e44c0-e06a-4d8a-9172-b542532df353":{"columnOrder":["55eacb06-199f-41eb-b6dc-b5b1407b7073","0c6f3897-05c7-4aa3-90e5-17f58946a3af","63defa8c-527b-4165-9fb9-4e564bd03695"],"columns":{"0c6f3897-05c7-4aa3-90e5-17f58946a3af":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"55eacb06-199f-41eb-b6dc-b5b1407b7073":{"dataType":"string","isBucketed":true,"label":"Top values of event.action","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"63defa8c-527b-4165-9fb9-4e564bd03695","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"event.action"},"63defa8c-527b-4165-9fb9-4e564bd03695":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"file"},"type":"phrase"},"query":{"match_phrase":{"event.category":"file"}}}],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["63defa8c-527b-4165-9fb9-4e564bd03695"],"layerId":"860e44c0-e06a-4d8a-9172-b542532df353","layerType":"data","position":"top","seriesType":"bar_stacked","showGridlines":false,"splitAccessor":"55eacb06-199f-41eb-b6dc-b5b1407b7073","xAccessor":"0c6f3897-05c7-4aa3-90e5-17f58946a3af"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"Endgame - File Event Action","visualizationType":"lnsXY"},"coreMigrationVersion":"7.16.2","id":"4d6bdc60-6d6d-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-860e44c0-e06a-4d8a-9172-b542532df353","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1069],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDUyLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"b12aced8-11a0-4a83-a7c5-129f142e8f04":{"columnOrder":["bc61b519-0caa-4bf7-bbe7-6077fb307d0a","f549d182-14e5-4395-b185-4cd192e4030c"],"columns":{"bc61b519-0caa-4bf7-bbe7-6077fb307d0a":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"user.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"f549d182-14e5-4395-b185-4cd192e4030c","type":"column"},"orderDirection":"desc","otherBucket":true,"size":20},"scale":"ordinal","sourceField":"user.name"},"f549d182-14e5-4395-b185-4cd192e4030c":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"file"},"type":"phrase"},"query":{"match_phrase":{"event.category":"file"}}}],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"bc61b519-0caa-4bf7-bbe7-6077fb307d0a"},{"columnId":"f549d182-14e5-4395-b185-4cd192e4030c"}],"layerId":"b12aced8-11a0-4a83-a7c5-129f142e8f04","layerType":"data"}},"title":"Endgame - File Username","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"5a43fa30-6d6d-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-b12aced8-11a0-4a83-a7c5-129f142e8f04","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1074],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDUzLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"e5f77e35-1bc5-4487-9602-e2962cafa87b":{"columnOrder":["ade5af28-bac8-4a2d-adff-28580282a9d2","bb5f0057-5e74-4baf-9839-aff53de6d145","e480935c-b388-48c6-9582-fb4600b462fb"],"columns":{"ade5af28-bac8-4a2d-adff-28580282a9d2":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"file.name","operationType":"terms","params":{"missingBucket":true,"orderBy":{"columnId":"e480935c-b388-48c6-9582-fb4600b462fb","type":"column"},"orderDirection":"desc","otherBucket":true,"size":25},"scale":"ordinal","sourceField":"file.name"},"bb5f0057-5e74-4baf-9839-aff53de6d145":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"file.path","operationType":"terms","params":{"missingBucket":true,"orderBy":{"columnId":"e480935c-b388-48c6-9582-fb4600b462fb","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"file.path"},"e480935c-b388-48c6-9582-fb4600b462fb":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"file"},"type":"phrase"},"query":{"match_phrase":{"event.category":"file"}}}],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"ade5af28-bac8-4a2d-adff-28580282a9d2","isTransposed":false},{"columnId":"e480935c-b388-48c6-9582-fb4600b462fb","isTransposed":false},{"columnId":"bb5f0057-5e74-4baf-9839-aff53de6d145","isTransposed":false}],"layerId":"e5f77e35-1bc5-4487-9602-e2962cafa87b","layerType":"data"}},"title":"Endgame - File Name","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"676296e0-6d6d-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1079],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDU0LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"377145dd-d931-4e01-8719-fa4e36df631a":{"columnOrder":["6ba09492-0ce8-4f51-9263-e85a0a74225c","123ad80c-6989-4387-a25a-9f0a60d6ea7b"],"columns":{"123ad80c-6989-4387-a25a-9f0a60d6ea7b":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"6ba09492-0ce8-4f51-9263-e85a0a74225c":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"host.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"123ad80c-6989-4387-a25a-9f0a60d6ea7b","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"host.name"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"file"},"type":"phrase"},"query":{"match_phrase":{"event.category":"file"}}}],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"6ba09492-0ce8-4f51-9263-e85a0a74225c"},{"columnId":"123ad80c-6989-4387-a25a-9f0a60d6ea7b"}],"layerId":"377145dd-d931-4e01-8719-fa4e36df631a","layerType":"data"}},"title":"Endgame - File Hostname","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"74daec50-6d6d-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-377145dd-d931-4e01-8719-fa4e36df631a","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1084],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDU1LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"3320254d-3b41-4746-946e-70357e58da19":{"columnOrder":["4a9a0ae7-34cc-407e-8f0c-a60c234179b7","9ee7fb17-68de-4b29-b3e8-21336f4b15ca"],"columns":{"4a9a0ae7-34cc-407e-8f0c-a60c234179b7":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"event.type","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"9ee7fb17-68de-4b29-b3e8-21336f4b15ca","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"event.type"},"9ee7fb17-68de-4b29-b3e8-21336f4b15ca":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"file"},"type":"phrase"},"query":{"match_phrase":{"event.category":"file"}}}],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["4a9a0ae7-34cc-407e-8f0c-a60c234179b7"],"layerId":"3320254d-3b41-4746-946e-70357e58da19","layerType":"data","legendDisplay":"default","metric":"9ee7fb17-68de-4b29-b3e8-21336f4b15ca","nestedLegend":false,"numberDisplay":"percent"}],"shape":"donut"}},"title":"Endgame - File Event Type (Donut)","visualizationType":"lnsPie"},"coreMigrationVersion":"7.16.2","id":"82ab9af0-6d6d-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-3320254d-3b41-4746-946e-70357e58da19","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1089],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDU2LDE1XQ=="} -{"attributes":{"columns":["file.name","file.directory"],"description":"","grid":{},"hideChart":false,"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - File Search","version":1},"coreMigrationVersion":"7.16.2","id":"90facda0-6f08-11ec-864c-8b5450f97635","migrationVersion":{"search":"7.9.3"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1643385898421,1092],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDU3LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.16.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":12,\"i\":\"d3fd89cc-9483-41b1-90e8-c2e86b862d4c\"},\"panelIndex\":\"d3fd89cc-9483-41b1-90e8-c2e86b862d4c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame Alerts](https://ENDGAMEHOST/alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}},\"panelRefName\":\"panel_d3fd89cc-9483-41b1-90e8-c2e86b862d4c\"},{\"version\":\"7.16.2\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":0,\"w\":13,\"h\":12,\"i\":\"dcf897df-beb2-4a1b-86b2-4b8b0370aa94\"},\"panelIndex\":\"dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"3505d400-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"type\":\"lens\"},{\"id\":\"3505d400-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"type\":\"lens\"},{\"id\":\"3505d400-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"type\":\"lens\"},{\"id\":\"3505d400-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0\",\"accessor\":\"b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e\",\"layerType\":\"data\"},\"query\":{\"query\":\"event.category.keyword : \\\"file\\\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0\":{\"columns\":{\"b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - File All Logs\",\"panelRefName\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\"},{\"version\":\"7.16.2\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":12,\"i\":\"fb5061a4-571d-4f4d-a3b5-fd7851d324ca\"},\"panelIndex\":\"fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"42a22c30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"type\":\"lens\"},{\"id\":\"42a22c30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"type\":\"lens\"},{\"id\":\"42a22c30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"type\":\"lens\"},{\"id\":\"42a22c30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-10863c78-73fc-4739-88ea-b6e3419da4db\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"10863c78-73fc-4739-88ea-b6e3419da4db\",\"accessors\":[\"4e101a7c-04a5-4ab9-96c5-ef10fc92547b\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"e472c6a1-d786-43f7-95f0-df55a990e268\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"10863c78-73fc-4739-88ea-b6e3419da4db\":{\"columns\":{\"e472c6a1-d786-43f7-95f0-df55a990e268\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"4e101a7c-04a5-4ab9-96c5-ef10fc92547b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"e472c6a1-d786-43f7-95f0-df55a990e268\",\"4e101a7c-04a5-4ab9-96c5-ef10fc92547b\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - File Log Count Over Time\",\"panelRefName\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\"},{\"version\":\"7.16.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":12,\"w\":32,\"h\":16,\"i\":\"30774bd7-ee7f-4c21-aa67-104e961664ee\"},\"panelIndex\":\"30774bd7-ee7f-4c21-aa67-104e961664ee\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"4d6bdc60-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\",\"type\":\"lens\"},{\"id\":\"4d6bdc60-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\",\"type\":\"lens\"},{\"id\":\"4d6bdc60-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\",\"type\":\"lens\"},{\"id\":\"4d6bdc60-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-860e44c0-e06a-4d8a-9172-b542532df353\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"860e44c0-e06a-4d8a-9172-b542532df353\",\"accessors\":[\"63defa8c-527b-4165-9fb9-4e564bd03695\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"0c6f3897-05c7-4aa3-90e5-17f58946a3af\",\"splitAccessor\":\"55eacb06-199f-41eb-b6dc-b5b1407b7073\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"860e44c0-e06a-4d8a-9172-b542532df353\":{\"columns\":{\"55eacb06-199f-41eb-b6dc-b5b1407b7073\":{\"label\":\"Top values of event.action\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.action\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"63defa8c-527b-4165-9fb9-4e564bd03695\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"0c6f3897-05c7-4aa3-90e5-17f58946a3af\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"63defa8c-527b-4165-9fb9-4e564bd03695\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"55eacb06-199f-41eb-b6dc-b5b1407b7073\",\"0c6f3897-05c7-4aa3-90e5-17f58946a3af\",\"63defa8c-527b-4165-9fb9-4e564bd03695\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - File Event Action\",\"panelRefName\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\"},{\"version\":\"7.16.2\",\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":12,\"w\":16,\"h\":16,\"i\":\"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\"},\"panelIndex\":\"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"5a43fa30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"type\":\"lens\"},{\"id\":\"5a43fa30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"type\":\"lens\"},{\"id\":\"5a43fa30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"type\":\"lens\"},{\"id\":\"5a43fa30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-b12aced8-11a0-4a83-a7c5-129f142e8f04\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"b12aced8-11a0-4a83-a7c5-129f142e8f04\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"bc61b519-0caa-4bf7-bbe7-6077fb307d0a\"},{\"columnId\":\"f549d182-14e5-4395-b185-4cd192e4030c\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b12aced8-11a0-4a83-a7c5-129f142e8f04\":{\"columns\":{\"bc61b519-0caa-4bf7-bbe7-6077fb307d0a\":{\"label\":\"Top values of user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f549d182-14e5-4395-b185-4cd192e4030c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"f549d182-14e5-4395-b185-4cd192e4030c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"bc61b519-0caa-4bf7-bbe7-6077fb307d0a\",\"f549d182-14e5-4395-b185-4cd192e4030c\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - File Username\",\"panelRefName\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\"},{\"version\":\"7.16.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":23,\"h\":31,\"i\":\"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\"},\"panelIndex\":\"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\"},{\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\"},{\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\"},{\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"e5f77e35-1bc5-4487-9602-e2962cafa87b\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"ade5af28-bac8-4a2d-adff-28580282a9d2\"},{\"isTransposed\":false,\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},{\"columnId\":\"bb5f0057-5e74-4baf-9839-aff53de6d145\",\"isTransposed\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"e5f77e35-1bc5-4487-9602-e2962cafa87b\":{\"columns\":{\"ade5af28-bac8-4a2d-adff-28580282a9d2\":{\"label\":\"Top values of file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}},\"e480935c-b388-48c6-9582-fb4600b462fb\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"bb5f0057-5e74-4baf-9839-aff53de6d145\":{\"label\":\"Top values of file.path\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.path\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}}},\"columnOrder\":[\"ade5af28-bac8-4a2d-adff-28580282a9d2\",\"bb5f0057-5e74-4baf-9839-aff53de6d145\",\"e480935c-b388-48c6-9582-fb4600b462fb\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - File Name\",\"panelRefName\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\"},{\"version\":\"7.16.2\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":28,\"w\":25,\"h\":11,\"i\":\"7e1aecd8-bbbe-453c-868b-8335f5ab65ea\"},\"panelIndex\":\"7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"74daec50-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"type\":\"lens\"},{\"id\":\"74daec50-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"type\":\"lens\"},{\"id\":\"74daec50-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"type\":\"lens\"},{\"id\":\"74daec50-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-377145dd-d931-4e01-8719-fa4e36df631a\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"377145dd-d931-4e01-8719-fa4e36df631a\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"6ba09492-0ce8-4f51-9263-e85a0a74225c\"},{\"columnId\":\"123ad80c-6989-4387-a25a-9f0a60d6ea7b\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"377145dd-d931-4e01-8719-fa4e36df631a\":{\"columns\":{\"6ba09492-0ce8-4f51-9263-e85a0a74225c\":{\"label\":\"Top values of host.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"123ad80c-6989-4387-a25a-9f0a60d6ea7b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"123ad80c-6989-4387-a25a-9f0a60d6ea7b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"6ba09492-0ce8-4f51-9263-e85a0a74225c\",\"123ad80c-6989-4387-a25a-9f0a60d6ea7b\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - File Hostname\",\"panelRefName\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\"},{\"version\":\"7.16.2\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":39,\"w\":25,\"h\":20,\"i\":\"9fa50224-7ba0-4adb-806a-bca0ddaf81d0\"},\"panelIndex\":\"9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"id\":\"82ab9af0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"type\":\"lens\"},{\"id\":\"82ab9af0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"type\":\"lens\"},{\"id\":\"82ab9af0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"type\":\"lens\"},{\"id\":\"82ab9af0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-3320254d-3b41-4746-946e-70357e58da19\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"3320254d-3b41-4746-946e-70357e58da19\",\"groups\":[\"4a9a0ae7-34cc-407e-8f0c-a60c234179b7\"],\"metric\":\"9ee7fb17-68de-4b29-b3e8-21336f4b15ca\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"3320254d-3b41-4746-946e-70357e58da19\":{\"columns\":{\"4a9a0ae7-34cc-407e-8f0c-a60c234179b7\":{\"label\":\"Top values of event.type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.type\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9ee7fb17-68de-4b29-b3e8-21336f4b15ca\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"9ee7fb17-68de-4b29-b3e8-21336f4b15ca\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"4a9a0ae7-34cc-407e-8f0c-a60c234179b7\",\"9ee7fb17-68de-4b29-b3e8-21336f4b15ca\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"fa53d234-1d45-4a90-8468-631012e68ce8\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Go to File Dashboard\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true}}}]}}},\"title\":\"Endgame - File Event Type (Donut)\",\"panelRefName\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\"},{\"version\":\"7.16.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":59,\"w\":48,\"h\":16,\"i\":\"0f24d345-114e-44a8-ac45-75258008cf3b\"},\"panelIndex\":\"0f24d345-114e-44a8-ac45-75258008cf3b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0f24d345-114e-44a8-ac45-75258008cf3b\"}]","timeRestore":false,"title":"Endgame - File","version":1},"coreMigrationVersion":"7.16.2","id":"4923ad00-6349-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"d3fd89cc-9483-41b1-90e8-c2e86b862d4c:panel_d3fd89cc-9483-41b1-90e8-c2e86b862d4c","type":"visualization"},{"id":"3505d400-6d6d-11ec-864c-8b5450f97635","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94","type":"lens"},{"id":"3505d400-6d6d-11ec-864c-8b5450f97635","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94","type":"lens"},{"id":"3505d400-6d6d-11ec-864c-8b5450f97635","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94","type":"lens"},{"id":"3505d400-6d6d-11ec-864c-8b5450f97635","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94","type":"lens"},{"id":"3505d400-6d6d-11ec-864c-8b5450f97635","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94","type":"lens"},{"id":"endgame-*","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:indexpattern-datasource-layer-265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0","type":"index-pattern"},{"id":"endgame-*","name":"dcf897df-beb2-4a1b-86b2-4b8b0370aa94:filter-index-pattern-0","type":"index-pattern"},{"id":"42a22c30-6d6d-11ec-864c-8b5450f97635","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca","type":"lens"},{"id":"42a22c30-6d6d-11ec-864c-8b5450f97635","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca","type":"lens"},{"id":"42a22c30-6d6d-11ec-864c-8b5450f97635","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca","type":"lens"},{"id":"42a22c30-6d6d-11ec-864c-8b5450f97635","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca","type":"lens"},{"id":"42a22c30-6d6d-11ec-864c-8b5450f97635","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca","type":"lens"},{"id":"endgame-*","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:indexpattern-datasource-layer-10863c78-73fc-4739-88ea-b6e3419da4db","type":"index-pattern"},{"id":"endgame-*","name":"fb5061a4-571d-4f4d-a3b5-fd7851d324ca:filter-index-pattern-0","type":"index-pattern"},{"id":"4d6bdc60-6d6d-11ec-864c-8b5450f97635","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee","type":"lens"},{"id":"4d6bdc60-6d6d-11ec-864c-8b5450f97635","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee","type":"lens"},{"id":"4d6bdc60-6d6d-11ec-864c-8b5450f97635","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee","type":"lens"},{"id":"4d6bdc60-6d6d-11ec-864c-8b5450f97635","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee","type":"lens"},{"id":"4d6bdc60-6d6d-11ec-864c-8b5450f97635","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee","type":"lens"},{"id":"endgame-*","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:indexpattern-datasource-layer-860e44c0-e06a-4d8a-9172-b542532df353","type":"index-pattern"},{"id":"endgame-*","name":"30774bd7-ee7f-4c21-aa67-104e961664ee:filter-index-pattern-0","type":"index-pattern"},{"id":"5a43fa30-6d6d-11ec-864c-8b5450f97635","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1","type":"lens"},{"id":"5a43fa30-6d6d-11ec-864c-8b5450f97635","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1","type":"lens"},{"id":"5a43fa30-6d6d-11ec-864c-8b5450f97635","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1","type":"lens"},{"id":"5a43fa30-6d6d-11ec-864c-8b5450f97635","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1","type":"lens"},{"id":"5a43fa30-6d6d-11ec-864c-8b5450f97635","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1","type":"lens"},{"id":"endgame-*","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:indexpattern-datasource-layer-b12aced8-11a0-4a83-a7c5-129f142e8f04","type":"index-pattern"},{"id":"endgame-*","name":"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:filter-index-pattern-0","type":"index-pattern"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"endgame-*","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b","type":"index-pattern"},{"id":"endgame-*","name":"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:filter-index-pattern-0","type":"index-pattern"},{"id":"74daec50-6d6d-11ec-864c-8b5450f97635","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea","type":"lens"},{"id":"74daec50-6d6d-11ec-864c-8b5450f97635","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea","type":"lens"},{"id":"74daec50-6d6d-11ec-864c-8b5450f97635","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea","type":"lens"},{"id":"74daec50-6d6d-11ec-864c-8b5450f97635","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea","type":"lens"},{"id":"74daec50-6d6d-11ec-864c-8b5450f97635","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea","type":"lens"},{"id":"endgame-*","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:indexpattern-datasource-layer-377145dd-d931-4e01-8719-fa4e36df631a","type":"index-pattern"},{"id":"endgame-*","name":"7e1aecd8-bbbe-453c-868b-8335f5ab65ea:filter-index-pattern-0","type":"index-pattern"},{"id":"82ab9af0-6d6d-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0","type":"lens"},{"id":"82ab9af0-6d6d-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0","type":"lens"},{"id":"82ab9af0-6d6d-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0","type":"lens"},{"id":"82ab9af0-6d6d-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0","type":"lens"},{"id":"82ab9af0-6d6d-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0","type":"lens"},{"id":"endgame-*","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:indexpattern-datasource-layer-3320254d-3b41-4746-946e-70357e58da19","type":"index-pattern"},{"id":"endgame-*","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:filter-index-pattern-0","type":"index-pattern"},{"id":"4923ad00-6349-11ec-864c-8b5450f97635","name":"9fa50224-7ba0-4adb-806a-bca0ddaf81d0:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:fa53d234-1d45-4a90-8468-631012e68ce8:dashboardId","type":"dashboard"},{"id":"90facda0-6f08-11ec-864c-8b5450f97635","name":"0f24d345-114e-44a8-ac45-75258008cf3b:panel_0f24d345-114e-44a8-ac45-75258008cf3b","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1153],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDU4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Request From","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Request From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.request.from.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.request.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request From\"}}]}"},"coreMigrationVersion":"7.16.2","id":"49384710-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1155],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDU5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"network.transport:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Network - Transport","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network - Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"network.transport: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Transport\"}}]}"},"coreMigrationVersion":"7.16.2","id":"499a0690-6ead-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1157],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDYwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"coreMigrationVersion":"7.16.2","id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1159],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDYxLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"3a9904aa-0df2-48a5-b981-ae47f20e29d3":{"columnOrder":["37a5b642-e2c0-4005-88c9-d4e1f9016648"],"columns":{"37a5b642-e2c0-4005-88c9-d4e1f9016648":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Logs","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"network"},"type":"phrase"},"query":{"match_phrase":{"event.category":"network"}}}],"query":{"language":"kuery","query":""},"visualization":{"accessor":"37a5b642-e2c0-4005-88c9-d4e1f9016648","layerId":"3a9904aa-0df2-48a5-b981-ae47f20e29d3","layerType":"data"}},"title":"Endgame - Network Metric","visualizationType":"lnsMetric"},"coreMigrationVersion":"7.16.2","id":"ec0fa520-6329-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-3a9904aa-0df2-48a5-b981-ae47f20e29d3","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1164],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDYyLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"909005b3-b986-4bf6-9504-f4a9c877a966":{"columnOrder":["b65c177b-364a-4656-854a-69e6b07f05ff","98109e10-1bb1-4a93-bd3f-64a228aba2c4"],"columns":{"98109e10-1bb1-4a93-bd3f-64a228aba2c4":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"b65c177b-364a-4656-854a-69e6b07f05ff":{"dataType":"string","isBucketed":true,"label":"Top values of network.transport","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"98109e10-1bb1-4a93-bd3f-64a228aba2c4","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"network.transport"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"network"},"type":"phrase"},"query":{"match_phrase":{"event.category":"network"}}}],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["b65c177b-364a-4656-854a-69e6b07f05ff"],"layerId":"909005b3-b986-4bf6-9504-f4a9c877a966","layerType":"data","legendDisplay":"show","metric":"98109e10-1bb1-4a93-bd3f-64a228aba2c4","nestedLegend":false,"numberDisplay":"percent"}],"shape":"donut"}},"title":"Endgame - Network Protocol","visualizationType":"lnsPie"},"coreMigrationVersion":"7.16.2","id":"a82d8250-6324-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-909005b3-b986-4bf6-9504-f4a9c877a966","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1169],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDYzLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"f2b4871a-9aca-4016-848c-331b8c221cf7":{"columnOrder":["a06965e8-9258-490d-9765-54afc2fb5073","e81257d5-bbe1-406d-b8b7-01db30a05390"],"columns":{"a06965e8-9258-490d-9765-54afc2fb5073":{"customLabel":true,"dataType":"ip","isBucketed":true,"label":"source.ip","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"e81257d5-bbe1-406d-b8b7-01db30a05390","type":"column"},"orderDirection":"desc","otherBucket":true,"size":100},"scale":"ordinal","sourceField":"source.ip"},"e81257d5-bbe1-406d-b8b7-01db30a05390":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"a06965e8-9258-490d-9765-54afc2fb5073"},{"columnId":"e81257d5-bbe1-406d-b8b7-01db30a05390"}],"layerId":"f2b4871a-9aca-4016-848c-331b8c221cf7","layerType":"data"}},"title":"Endgame - Network Source IP","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"ac2e7c60-6e41-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-f2b4871a-9aca-4016-848c-331b8c221cf7","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1173],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDY0LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"d76872f3-61fb-4b26-8440-0ca886e33224":{"columnOrder":["822af2db-f82f-4f05-a4c3-8c6b7808d79a","6f747e8d-b264-42e8-ae88-2df81bf5bfa5"],"columns":{"6f747e8d-b264-42e8-ae88-2df81bf5bfa5":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"},"822af2db-f82f-4f05-a4c3-8c6b7808d79a":{"customLabel":true,"dataType":"ip","isBucketed":true,"label":"destination.ip","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"6f747e8d-b264-42e8-ae88-2df81bf5bfa5","type":"column"},"orderDirection":"desc","otherBucket":true,"size":100},"scale":"ordinal","sourceField":"destination.ip"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"822af2db-f82f-4f05-a4c3-8c6b7808d79a"},{"columnId":"6f747e8d-b264-42e8-ae88-2df81bf5bfa5"}],"layerId":"d76872f3-61fb-4b26-8440-0ca886e33224","layerType":"data"}},"title":"Endgame - Network Destination IP","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"c7f8be60-6e41-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-d76872f3-61fb-4b26-8440-0ca886e33224","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1177],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDY1LDE1XQ=="} -{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"network\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"network\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - Network Search","version":1},"coreMigrationVersion":"7.16.2","id":"4e1aa7c0-6ed2-11ec-864c-8b5450f97635","migrationVersion":{"search":"7.9.3"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1643385898421,1180],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDY2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Endgame - Network Heatmap","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 5,500,000,000\":\"rgb(247,252,245)\",\"5,500,000,000 - 11,000,000,000\":\"rgb(198,232,191)\",\"11,000,000,000 - 16,500,000,000\":\"rgb(114,195,120)\",\"16,500,000,000 - 22,000,000,000\":\"rgb(34,139,69)\"},\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"Endgame - Network Heatmap\",\"type\":\"heatmap\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":17,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"source.ip\"},\"schema\":\"group\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"destination.ip\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"heatmap\",\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":4,\"colorSchema\":\"Greens\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"overwriteColor\":false,\"color\":\"black\"}}]}}"},"coreMigrationVersion":"7.16.2","id":"de389910-6f0a-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"4e1aa7c0-6ed2-11ec-864c-8b5450f97635","name":"search_0","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1183],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDY3LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"89c7faa8-15c2-4772-95a6-8049a683be1a":{"columnOrder":["0cf6d6cf-9585-4e5f-8729-af8484507670","fa5a503a-c448-4dc7-8b1e-5679822218ae","e520b985-a9b8-4183-b29c-61373ed817c8","9079d4df-8e60-4749-bc38-b3b52782f71d"],"columns":{"0cf6d6cf-9585-4e5f-8729-af8484507670":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"dns.question.type","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"9079d4df-8e60-4749-bc38-b3b52782f71d","type":"column"},"orderDirection":"desc","otherBucket":true,"size":100},"scale":"ordinal","sourceField":"dns.question.type"},"9079d4df-8e60-4749-bc38-b3b52782f71d":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"},"e520b985-a9b8-4183-b29c-61373ed817c8":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"dns.question.registered_domain","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"9079d4df-8e60-4749-bc38-b3b52782f71d","type":"column"},"orderDirection":"desc","otherBucket":true,"size":100},"scale":"ordinal","sourceField":"dns.question.registered_domain"},"fa5a503a-c448-4dc7-8b1e-5679822218ae":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"dns.question.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"9079d4df-8e60-4749-bc38-b3b52782f71d","type":"column"},"orderDirection":"desc","otherBucket":true,"size":100},"scale":"ordinal","sourceField":"dns.question.name"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"network"},"type":"phrase"},"query":{"match_phrase":{"event.category":"network"}}}],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"0cf6d6cf-9585-4e5f-8729-af8484507670","isTransposed":false},{"columnId":"e520b985-a9b8-4183-b29c-61373ed817c8","isTransposed":false},{"columnId":"fa5a503a-c448-4dc7-8b1e-5679822218ae","isTransposed":false},{"columnId":"9079d4df-8e60-4749-bc38-b3b52782f71d","isTransposed":false}],"layerId":"89c7faa8-15c2-4772-95a6-8049a683be1a","layerType":"data"}},"title":"Endgame - DNS Records","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"85048e40-6329-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-89c7faa8-15c2-4772-95a6-8049a683be1a","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1188],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDY4LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"6eb1c7b4-ab7b-4b99-8113-5e5eec2db2f6":{"columnOrder":["bc7ded30-7099-4284-93f9-61bc44cd1b20","1219efed-4a09-4e75-b721-b5b581968e14"],"columns":{"1219efed-4a09-4e75-b721-b5b581968e14":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"bc7ded30-7099-4284-93f9-61bc44cd1b20":{"dataType":"string","isBucketed":true,"label":"Top values of user.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"1219efed-4a09-4e75-b721-b5b581968e14","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"user.name"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"network"},"type":"phrase"},"query":{"match_phrase":{"event.category":"network"}}},{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-1","key":"event.type","negate":false,"params":{"query":"info"},"type":"phrase"},"query":{"match_phrase":{"event.type":"info"}}}],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["bc7ded30-7099-4284-93f9-61bc44cd1b20","bc7ded30-7099-4284-93f9-61bc44cd1b20"],"layerId":"6eb1c7b4-ab7b-4b99-8113-5e5eec2db2f6","layerType":"data","legendDisplay":"show","metric":"1219efed-4a09-4e75-b721-b5b581968e14","nestedLegend":false,"numberDisplay":"percent"}],"shape":"donut"}},"title":"Endgame - DNS Requests Chart","visualizationType":"lnsPie"},"coreMigrationVersion":"7.16.2","id":"f30bef10-6328-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-6eb1c7b4-ab7b-4b99-8113-5e5eec2db2f6","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-1","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1194],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDY5LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.16.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":10,\"i\":\"5485c8f5-90ea-409f-8522-f0a58716a12e\"},\"panelIndex\":\"5485c8f5-90ea-409f-8522-f0a58716a12e\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame Alerts](https://ENDGAMEHOST/alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_5485c8f5-90ea-409f-8522-f0a58716a12e\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":0,\"w\":14,\"h\":10,\"i\":\"2fcc00ab-4db8-4760-9bd0-111a3cd1c822\"},\"panelIndex\":\"2fcc00ab-4db8-4760-9bd0-111a3cd1c822\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2fcc00ab-4db8-4760-9bd0-111a3cd1c822\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":12,\"h\":13,\"i\":\"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\"},\"panelIndex\":\"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-909005b3-b986-4bf6-9504-f4a9c877a966\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"909005b3-b986-4bf6-9504-f4a9c877a966\",\"groups\":[\"b65c177b-364a-4656-854a-69e6b07f05ff\"],\"metric\":\"98109e10-1bb1-4a93-bd3f-64a228aba2c4\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"layerType\":\"data\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"909005b3-b986-4bf6-9504-f4a9c877a966\":{\"columns\":{\"b65c177b-364a-4656-854a-69e6b07f05ff\":{\"label\":\"Top values of network.transport\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.transport\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"98109e10-1bb1-4a93-bd3f-64a228aba2c4\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"98109e10-1bb1-4a93-bd3f-64a228aba2c4\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"b65c177b-364a-4656-854a-69e6b07f05ff\",\"98109e10-1bb1-4a93-bd3f-64a228aba2c4\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network Transport\",\"panelRefName\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":0,\"w\":12,\"h\":13,\"i\":\"3db56ff3-17bb-4304-95ca-5b7b6254257a\"},\"panelIndex\":\"3db56ff3-17bb-4304-95ca-5b7b6254257a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3db56ff3-17bb-4304-95ca-5b7b6254257a\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":10,\"w\":24,\"h\":19,\"i\":\"0fd77215-f380-4e05-8e8d-7eff24e7eb10\"},\"panelIndex\":\"0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-7d4edcbb-fca9-47d9-93df-acba6aaf6f58\"}],\"state\":{\"visualization\":{\"layerId\":\"7d4edcbb-fca9-47d9-93df-acba6aaf6f58\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"0cbe5805-5e69-4a7e-a5ef-21dfabd592f5\"},{\"columnId\":\"92a4b279-4a18-4513-a75c-52dcf79a6801\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"7d4edcbb-fca9-47d9-93df-acba6aaf6f58\":{\"columns\":{\"0cbe5805-5e69-4a7e-a5ef-21dfabd592f5\":{\"label\":\"Top values of event.category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.category\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"92a4b279-4a18-4513-a75c-52dcf79a6801\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"92a4b279-4a18-4513-a75c-52dcf79a6801\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"0cbe5805-5e69-4a7e-a5ef-21dfabd592f5\",\"92a4b279-4a18-4513-a75c-52dcf79a6801\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network Events\",\"panelRefName\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":13,\"w\":12,\"h\":16,\"i\":\"55ac1386-6ccb-4926-813d-1dc397a60036\"},\"panelIndex\":\"55ac1386-6ccb-4926-813d-1dc397a60036\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\",\"type\":\"lens\",\"id\":\"ac2e7c60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\",\"type\":\"lens\",\"id\":\"ac2e7c60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\",\"type\":\"lens\",\"id\":\"ac2e7c60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\",\"type\":\"lens\",\"id\":\"ac2e7c60-6e41-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-f2b4871a-9aca-4016-848c-331b8c221cf7\"}],\"state\":{\"visualization\":{\"layerId\":\"f2b4871a-9aca-4016-848c-331b8c221cf7\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"a06965e8-9258-490d-9765-54afc2fb5073\"},{\"columnId\":\"e81257d5-bbe1-406d-b8b7-01db30a05390\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f2b4871a-9aca-4016-848c-331b8c221cf7\":{\"columns\":{\"a06965e8-9258-490d-9765-54afc2fb5073\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e81257d5-bbe1-406d-b8b7-01db30a05390\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e81257d5-bbe1-406d-b8b7-01db30a05390\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"a06965e8-9258-490d-9765-54afc2fb5073\",\"e81257d5-bbe1-406d-b8b7-01db30a05390\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network Source IP\",\"panelRefName\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":13,\"w\":12,\"h\":16,\"i\":\"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\"},\"panelIndex\":\"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"type\":\"lens\",\"id\":\"c7f8be60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"type\":\"lens\",\"id\":\"c7f8be60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"type\":\"lens\",\"id\":\"c7f8be60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"type\":\"lens\",\"id\":\"c7f8be60-6e41-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-d76872f3-61fb-4b26-8440-0ca886e33224\"}],\"state\":{\"visualization\":{\"layerId\":\"d76872f3-61fb-4b26-8440-0ca886e33224\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"822af2db-f82f-4f05-a4c3-8c6b7808d79a\"},{\"columnId\":\"6f747e8d-b264-42e8-ae88-2df81bf5bfa5\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d76872f3-61fb-4b26-8440-0ca886e33224\":{\"columns\":{\"822af2db-f82f-4f05-a4c3-8c6b7808d79a\":{\"label\":\"Top values of destination.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f747e8d-b264-42e8-ae88-2df81bf5bfa5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"6f747e8d-b264-42e8-ae88-2df81bf5bfa5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"822af2db-f82f-4f05-a4c3-8c6b7808d79a\",\"6f747e8d-b264-42e8-ae88-2df81bf5bfa5\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network Destination IP\",\"panelRefName\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":29,\"w\":48,\"h\":12,\"i\":\"93e059d5-fc50-4357-9dfa-939f48da5834\"},\"panelIndex\":\"93e059d5-fc50-4357-9dfa-939f48da5834\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_93e059d5-fc50-4357-9dfa-939f48da5834\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":41,\"w\":48,\"h\":21,\"i\":\"cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002\"},\"panelIndex\":\"cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":62,\"w\":28,\"h\":17,\"i\":\"1d174f74-9575-4827-8ae0-d5db7d53777b\"},\"panelIndex\":\"1d174f74-9575-4827-8ae0-d5db7d53777b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-89c7faa8-15c2-4772-95a6-8049a683be1a\"}],\"state\":{\"visualization\":{\"layerId\":\"89c7faa8-15c2-4772-95a6-8049a683be1a\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"0cf6d6cf-9585-4e5f-8729-af8484507670\"},{\"isTransposed\":false,\"columnId\":\"e520b985-a9b8-4183-b29c-61373ed817c8\"},{\"isTransposed\":false,\"columnId\":\"fa5a503a-c448-4dc7-8b1e-5679822218ae\"},{\"isTransposed\":false,\"columnId\":\"9079d4df-8e60-4749-bc38-b3b52782f71d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"89c7faa8-15c2-4772-95a6-8049a683be1a\":{\"columns\":{\"0cf6d6cf-9585-4e5f-8729-af8484507670\":{\"label\":\"Top values of dns.question.type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"dns.question.type\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9079d4df-8e60-4749-bc38-b3b52782f71d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e520b985-a9b8-4183-b29c-61373ed817c8\":{\"label\":\"Top values of dns.question.registered_domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"dns.question.registered_domain\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9079d4df-8e60-4749-bc38-b3b52782f71d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"fa5a503a-c448-4dc7-8b1e-5679822218ae\":{\"label\":\"Top values of dns.question.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"dns.question.name\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9079d4df-8e60-4749-bc38-b3b52782f71d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"9079d4df-8e60-4749-bc38-b3b52782f71d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"0cf6d6cf-9585-4e5f-8729-af8484507670\",\"e520b985-a9b8-4183-b29c-61373ed817c8\",\"fa5a503a-c448-4dc7-8b1e-5679822218ae\",\"9079d4df-8e60-4749-bc38-b3b52782f71d\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network DNS Query\",\"panelRefName\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":62,\"w\":20,\"h\":17,\"i\":\"0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1\"},\"panelIndex\":\"0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Network DNS Requests Chart\",\"panelRefName\":\"panel_0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":79,\"w\":48,\"h\":17,\"i\":\"fb5ece46-c6e7-4d56-a48a-607783ad818f\"},\"panelIndex\":\"fb5ece46-c6e7-4d56-a48a-607783ad818f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fb5ece46-c6e7-4d56-a48a-607783ad818f\"}]","timeRestore":false,"title":"Endgame - Network","version":1},"coreMigrationVersion":"7.16.2","id":"49d34770-53b2-11ec-b3ef-6bcc33056a36","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"5485c8f5-90ea-409f-8522-f0a58716a12e:panel_5485c8f5-90ea-409f-8522-f0a58716a12e","type":"visualization"},{"id":"ec0fa520-6329-11ec-864c-8b5450f97635","name":"2fcc00ab-4db8-4760-9bd0-111a3cd1c822:panel_2fcc00ab-4db8-4760-9bd0-111a3cd1c822","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"a82d8250-6324-11ec-864c-8b5450f97635","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800","type":"lens"},{"id":"endgame-*","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:indexpattern-datasource-layer-909005b3-b986-4bf6-9504-f4a9c877a966","type":"index-pattern"},{"id":"2f20b2c0-6323-11ec-864c-8b5450f97635","name":"3db56ff3-17bb-4304-95ca-5b7b6254257a:panel_3db56ff3-17bb-4304-95ca-5b7b6254257a","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"22ffcc70-6322-11ec-864c-8b5450f97635","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10","type":"lens"},{"id":"endgame-*","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"0fd77215-f380-4e05-8e8d-7eff24e7eb10:indexpattern-datasource-layer-7d4edcbb-fca9-47d9-93df-acba6aaf6f58","type":"index-pattern"},{"id":"ac2e7c60-6e41-11ec-864c-8b5450f97635","name":"55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036","type":"lens"},{"id":"ac2e7c60-6e41-11ec-864c-8b5450f97635","name":"55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036","type":"lens"},{"id":"ac2e7c60-6e41-11ec-864c-8b5450f97635","name":"55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036","type":"lens"},{"id":"ac2e7c60-6e41-11ec-864c-8b5450f97635","name":"55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036","type":"lens"},{"id":"ac2e7c60-6e41-11ec-864c-8b5450f97635","name":"55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036","type":"lens"},{"id":"endgame-*","name":"55ac1386-6ccb-4926-813d-1dc397a60036:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"55ac1386-6ccb-4926-813d-1dc397a60036:indexpattern-datasource-layer-f2b4871a-9aca-4016-848c-331b8c221cf7","type":"index-pattern"},{"id":"c7f8be60-6e41-11ec-864c-8b5450f97635","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6","type":"lens"},{"id":"c7f8be60-6e41-11ec-864c-8b5450f97635","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6","type":"lens"},{"id":"c7f8be60-6e41-11ec-864c-8b5450f97635","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6","type":"lens"},{"id":"c7f8be60-6e41-11ec-864c-8b5450f97635","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6","type":"lens"},{"id":"c7f8be60-6e41-11ec-864c-8b5450f97635","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6","type":"lens"},{"id":"endgame-*","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:indexpattern-datasource-layer-d76872f3-61fb-4b26-8440-0ca886e33224","type":"index-pattern"},{"id":"38c95ae0-6e4d-11ec-864c-8b5450f97635","name":"93e059d5-fc50-4357-9dfa-939f48da5834:panel_93e059d5-fc50-4357-9dfa-939f48da5834","type":"lens"},{"id":"de389910-6f0a-11ec-864c-8b5450f97635","name":"cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002:panel_cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002","type":"visualization"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"85048e40-6329-11ec-864c-8b5450f97635","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b","type":"lens"},{"id":"endgame-*","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"1d174f74-9575-4827-8ae0-d5db7d53777b:indexpattern-datasource-layer-89c7faa8-15c2-4772-95a6-8049a683be1a","type":"index-pattern"},{"id":"f30bef10-6328-11ec-864c-8b5450f97635","name":"0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1:panel_0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1","type":"lens"},{"id":"4e1aa7c0-6ed2-11ec-864c-8b5450f97635","name":"fb5ece46-c6e7-4d56-a48a-607783ad818f:panel_fb5ece46-c6e7-4d56-a48a-607783ad818f","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1262],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDcwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Protocol (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Protocol (Donut Chart)\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"protocol.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}]}"},"coreMigrationVersion":"7.16.2","id":"49e04860-4a4e-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1264],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDcxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Kerberos - Request Type (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Request Type (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"request_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Type\"}}]}"},"coreMigrationVersion":"7.16.2","id":"4aa0b2a0-6e1a-11e7-89e4-613b96f597e1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1266],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDcyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network - Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IPs\"}}]}"},"coreMigrationVersion":"7.16.2","id":"4adca340-6eae-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,1268],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDczLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND highest_registered_domain:google.com~ -highest_registered_domain:google.com AND highest_registered_domain:youtube.com~ -highest_registered_domain:youtube.com AND highest_registered_domain:facebook.com~ -highest_registered_domain:facebook.com AND highest_registered_domain:wikipedia.org~ -highest_registered_domain:wikipedia.org AND highest_registered_domain:google.co.in~ -highest_registered_domain:google.co.in AND highest_registered_domain:reddit.com~ -highest_registered_domain:reddit.com AND highest_registered_domain:amazon.com~ -highest_registered_domain:amazon.com AND highest_registered_domain:taobao.com~ -highest_registered_domain:taobao.com AND highest_registered_domain:twitter.com~ -highest_registered_domain:twitter.com AND highest_registered_domain:google.co.jp~ -highest_registered_domain:google.co.jp AND highest_registered_domain:instagram.com~ -highest_registered_domain:instagram.com AND highest_registered_domain:sina.com.cn~ -highest_registered_domain:sina.com.cn AND highest_registered_domain:google.co.uk~ -highest_registered_domain:google.co.uk AND highest_registered_domain:linkedin.com~ -highest_registered_domain:linkedin.com AND highest_registered_domain:list.tmall.com~ -highest_registered_domain:list.tmall.com AND highest_registered_domain:google.com.br~ -highest_registered_domain:google.com.br AND highest_registered_domain:google.com.hk~ -highest_registered_domain:google.com.hk AND highest_registered_domain:netflix.com~ -highest_registered_domain:netflix.com AND highest_registered_domain:yahoo.co.jp~ -highest_registered_domain:yahoo.co.jp AND highest_registered_domain:pornhub.com~ -highest_registered_domain:pornhub.com AND highest_registered_domain:xvideos.com~ -highest_registered_domain:xvideos.com AND highest_registered_domain:microsoft.com~ -highest_registered_domain:microsoft.com AND highest_registered_domain:livejasmin.com~ -highest_registered_domain:livejasmin.com AND highest_registered_domain:aliexpress.com~ -highest_registered_domain:aliexpress.com AND highest_registered_domain:stackoverflow.com~ -highest_registered_domain:stackoverflow.com AND highest_registered_domain:wordpress.com~ -highest_registered_domain:wordpress.com AND highest_registered_domain:hao123.com~ -highest_registered_domain:hao123.com AND highest_registered_domain:github.com~ -highest_registered_domain:github.com AND highest_registered_domain:amazon.co.jp~ -highest_registered_domain:amazon.co.jp AND highest_registered_domain:blogspot.com~ -highest_registered_domain:blogspot.com AND highest_registered_domain:pinterest.com~ -highest_registered_domain:pinterest.com AND highest_registered_domain:bongacams.com~ -highest_registered_domain:bongacams.com AND highest_registered_domain:google.com.tr~ -highest_registered_domain:google.com.tr AND highest_registered_domain:popads.net~ -highest_registered_domain:popads.net AND highest_registered_domain:paypal.com~ -highest_registered_domain:paypal.com AND highest_registered_domain:office.com~ -highest_registered_domain:office.com AND highest_registered_domain:google.com.tw~ -highest_registered_domain:google.com.tw AND highest_registered_domain:google.com.au~ -highest_registered_domain:google.com.au AND highest_registered_domain:whatsapp.com~ -highest_registered_domain:whatsapp.com AND highest_registered_domain:microsoftonline.com~ -highest_registered_domain:microsoftonline.com\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Phishing Attempts Against Alexa Top Sites","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 0\":\"rgb(0,104,55)\",\"1 - 999999\":\"rgb(165,0,38)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Phishing attempts against your domain(s)\"},\"schema\":\"metric\",\"type\":\"count\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"gauge\":{\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":0},{\"from\":1,\"to\":999999}],\"extendRange\":true,\"gaugeColorMode\":\"Labels\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Arc\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":true},\"style\":{\"bgColor\":false,\"bgFill\":\"#eee\",\"bgMask\":false,\"bgWidth\":0.9,\"fontSize\":60,\"labelColor\":true,\"mask\":false,\"maskBars\":50,\"subText\":\"Edit this to reflect your domain(s)\",\"width\":0.9},\"type\":\"meter\",\"alignment\":\"horizontal\"}},\"title\":\"DNS - Phishing Attempts Against Alexa Top Sites\",\"type\":\"gauge\"}"},"coreMigrationVersion":"7.16.2","id":"4d89e140-6f09-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1270],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDc0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Top Connection Duration (Tile Map)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Source - Top Connection Duration (Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"duration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"5ea38360-46c7-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1272],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDc1LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[14.604847155053898,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Source - Top Connection Duration","version":1},"coreMigrationVersion":"7.16.2","id":"4e108070-46c7-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"5ea38360-46c7-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"sort":[1643385898421,1275],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDc2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Section Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"PE - Section Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"section_names.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"4e56b4d0-416f-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1277],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDc3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DHCP - IP to MAC Assignment","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - IP to MAC Assignment\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"assigned_ip.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Assigned IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mac.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}"},"coreMigrationVersion":"7.16.2","id":"4e877100-4a48-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1279],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDc4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Issuer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.issuer.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.issuer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Issuer\"}}]}"},"coreMigrationVersion":"7.16.2","id":"4e8cbf80-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1281],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDc5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Server Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_major_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_minor_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"4fade7b0-6e22-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1283],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDgwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"e76d2eb0-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1285],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDgxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Firewall - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"c3a06740-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1287],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDgyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Firewall - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"df06de60-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1289],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDgzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Destination Port","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Destination Port\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"fcf75bc0-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1291],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDg0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Protocol","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Protocol\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"ipv4_protocol.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"f8f0dbc0-6d82-11e7-912f-0950e6d5c322","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1293],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDg1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Firewall - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHH3kBxQT5EBNmq459","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1295],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDg2LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":60,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":36,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":36,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":16,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":16,\"x\":32,\"y\":8,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":12,\"x\":8,\"y\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":60,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"columns\":[\"action\",\"reason\",\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"z16.04 - Firewall","version":1},"coreMigrationVersion":"7.16.2","id":"50173bd0-3582-11e7-98ef-19df58fe538b","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"e76d2eb0-6d6b-11e7-ad64-15aa071374a6","name":"panel_1","type":"visualization"},{"id":"c3a06740-6d75-11e7-b09b-f57b22df6524","name":"panel_2","type":"visualization"},{"id":"df06de60-6d75-11e7-b09b-f57b22df6524","name":"panel_3","type":"visualization"},{"id":"2a1eb100-6d82-11e7-bcd4-0d514e0e7da1","name":"panel_4","type":"visualization"},{"id":"fcf75bc0-6d75-11e7-b09b-f57b22df6524","name":"panel_5","type":"visualization"},{"id":"f8f0dbc0-6d82-11e7-912f-0950e6d5c322","name":"panel_6","type":"visualization"},{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"panel_7","type":"search"},{"id":"AWDHH3kBxQT5EBNmq459","name":"panel_8","type":"visualization"}],"sort":[1643385898421,1305],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDg3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File Size","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File Size\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.size: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.size\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Size\"}}]}"},"coreMigrationVersion":"7.16.2","id":"50b4c880-72df-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1307],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDg4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"524e13b0-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1309],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDg5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Answers","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.answers.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.answers.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Answer\"}}]}"},"coreMigrationVersion":"7.16.2","id":"536876a0-72ba-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1311],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDkwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Tunnels - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"53824da0-6e35-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1313],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDkxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"5393c710-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1315],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDkyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"53ac63e0-365b-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1317],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDkzLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"0600494b-6f03-450b-8dab-981005aedf32":{"columnOrder":["0f00561d-d6d7-46b2-af59-4ea225a9893a","34e0e2cc-aab4-4581-9bc4-aba527024007"],"columns":{"0f00561d-d6d7-46b2-af59-4ea225a9893a":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"34e0e2cc-aab4-4581-9bc4-aba527024007":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"format":{"id":"number","params":{"decimals":0}}},"scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.kind : \"alert\" "},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":false,"yLeft":true,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["34e0e2cc-aab4-4581-9bc4-aba527024007"],"layerId":"0600494b-6f03-450b-8dab-981005aedf32","layerType":"data","position":"top","seriesType":"bar","showGridlines":false,"xAccessor":"0f00561d-d6d7-46b2-af59-4ea225a9893a"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"Endgame - Alert Log Count Over Time","visualizationType":"lnsXY"},"coreMigrationVersion":"7.16.2","id":"53b9b490-6cc1-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-0600494b-6f03-450b-8dab-981005aedf32","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1321],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDk0LDE1XQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_smtp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SMTP - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"a6cea530-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1323],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDk1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Webmail - True/False (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"SMTP - Webmail - True/False (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Webmail\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"is_webmail.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Webmail\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"53beb0d0-6e29-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1325],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDk2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"54d78f50-6e33-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1327],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDk3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - NTLM - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - NTLM - Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ntlm.success: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ntlm.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"coreMigrationVersion":"7.16.2","id":"e9f31a70-75c2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1329],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDk4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - NTLM - Tree","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - NTLM - Tree\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ntlm.server.tree.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.tree.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Tree\"}}]}"},"coreMigrationVersion":"7.16.2","id":"8cb83890-75c2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1331],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MDk5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - NTLM - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - NTLM - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Netbios\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"DNS\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.nb.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NetBIOS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.dns.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"DNS\"}}]}"},"coreMigrationVersion":"7.16.2","id":"63f139c0-75c2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1333],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTAwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:ntlm\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"4555a871-9c2c-48d4-b143-bffc6d41ea4d\"},\"panelIndex\":\"4555a871-9c2c-48d4-b143-bffc6d41ea4d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff\"},\"panelIndex\":\"0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"d32748d9-d47b-41bb-ab9f-b59817230998\"},\"panelIndex\":\"d32748d9-d47b-41bb-ab9f-b59817230998\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":18,\"i\":\"2f7a5ee8-2258-4c8d-af2d-99a9e11defa2\"},\"panelIndex\":\"2f7a5ee8-2258-4c8d-af2d-99a9e11defa2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":18,\"i\":\"4a50def3-c905-4493-b352-59741d68326e\"},\"panelIndex\":\"4a50def3-c905-4493-b352-59741d68326e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":9,\"w\":10,\"h\":18,\"i\":\"075d7365-e106-4a1e-b003-bab7abbb7146\"},\"panelIndex\":\"075d7365-e106-4a1e-b003-bab7abbb7146\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":26,\"y\":9,\"w\":9,\"h\":18,\"i\":\"5202d0b2-7f34-4182-8e25-ec87d4df0965\"},\"panelIndex\":\"5202d0b2-7f34-4182-8e25-ec87d4df0965\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":35,\"y\":9,\"w\":13,\"h\":18,\"i\":\"f93042fa-bdd7-495f-af7b-eec95073e015\"},\"panelIndex\":\"f93042fa-bdd7-495f-af7b-eec95073e015\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"c72c241d-5b6f-475c-831b-4419dd437a26\"},\"panelIndex\":\"c72c241d-5b6f-475c-831b-4419dd437a26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - NTLM","version":1},"coreMigrationVersion":"7.16.2","id":"558292e0-75c1-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"e9f31a70-75c2-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"8cb83890-75c2-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"63f139c0-75c2-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"search"}],"sort":[1643385898421,1343],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTAxLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:dns\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.11.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"ae3e83b1-5e53-40eb-8e4f-541e4851ddd2\"},\"panelIndex\":\"ae3e83b1-5e53-40eb-8e4f-541e4851ddd2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":14,\"y\":0,\"w\":14,\"h\":9,\"i\":\"4b8b4859-bd5c-446c-94e1-6d9b57cbe922\"},\"panelIndex\":\"4b8b4859-bd5c-446c-94e1-6d9b57cbe922\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":9,\"i\":\"ee03c5c1-9e26-42e3-b569-afa2712d7047\"},\"panelIndex\":\"ee03c5c1-9e26-42e3-b569-afa2712d7047\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":19,\"i\":\"706d8a5a-a263-48d0-8eb8-12eeade27115\"},\"panelIndex\":\"706d8a5a-a263-48d0-8eb8-12eeade27115\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":19,\"i\":\"bf29b086-8b8d-47a5-8280-afeb737d6163\"},\"panelIndex\":\"bf29b086-8b8d-47a5-8280-afeb737d6163\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":18,\"y\":9,\"w\":8,\"h\":19,\"i\":\"e99fb09c-6d8a-4a26-87ca-9ab82ef137c9\"},\"panelIndex\":\"e99fb09c-6d8a-4a26-87ca-9ab82ef137c9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":26,\"y\":9,\"w\":11,\"h\":19,\"i\":\"499d1548-292c-47a9-8f26-73a6af91d004\"},\"panelIndex\":\"499d1548-292c-47a9-8f26-73a6af91d004\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":0,\"y\":28,\"w\":23,\"h\":21,\"i\":\"e41240ec-8024-4f3f-9de0-869622470e4d\"},\"panelIndex\":\"e41240ec-8024-4f3f-9de0-869622470e4d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":23,\"y\":28,\"w\":25,\"h\":21,\"i\":\"fe297ab2-9a4b-438c-913b-7b5d1dea6182\"},\"panelIndex\":\"fe297ab2-9a4b-438c-913b-7b5d1dea6182\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":29,\"i\":\"ae756423-c1d9-46f8-a1ee-28ee9626349d\"},\"panelIndex\":\"ae756423-c1d9-46f8-a1ee-28ee9626349d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":19,\"i\":\"e79ec813-6af2-4618-ad48-a25444a8abe4\"},\"panelIndex\":\"e79ec813-6af2-4618-ad48-a25444a8abe4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - DNS","version":1},"coreMigrationVersion":"7.16.2","id":"55ac6bf0-6ec4-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"13cda410-c770-11ea-bebb-37c5ab5894ea","name":"panel_6","type":"visualization"},{"id":"07065340-72ba-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"visualization"},{"id":"536876a0-72ba-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_9","type":"search"},{"id":"336dbde0-88aa-11eb-9841-852c8cc8a2e8","name":"panel_10","type":"visualization"}],"sort":[1643385898421,1355],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTAyLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"e980cacd-054a-4c43-95aa-1b036dac04fd":{"columnOrder":["81df4048-abc0-4b0f-a7ec-9cf28f8cb367","528ff47c-2e2a-40e5-a5be-2983ecff6031","c2e1a93b-7344-40a5-9926-fc15afd832f0","5c038dd2-ec5b-4ef9-8e5c-7c2db912c05a","ad97207d-9f1a-4d60-9db3-0719f5596b29"],"columns":{"528ff47c-2e2a-40e5-a5be-2983ecff6031":{"customLabel":true,"dataType":"ip","isBucketed":true,"label":"IP","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"ad97207d-9f1a-4d60-9db3-0719f5596b29","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"host.ip"},"5c038dd2-ec5b-4ef9-8e5c-7c2db912c05a":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Version","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"ad97207d-9f1a-4d60-9db3-0719f5596b29","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"host.os.version"},"81df4048-abc0-4b0f-a7ec-9cf28f8cb367":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Hostname","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"ad97207d-9f1a-4d60-9db3-0719f5596b29","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"host.name"},"ad97207d-9f1a-4d60-9db3-0719f5596b29":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Total Logs","operationType":"count","scale":"ratio","sourceField":"Records"},"c2e1a93b-7344-40a5-9926-fc15afd832f0":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"OS","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"ad97207d-9f1a-4d60-9db3-0719f5596b29","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"host.os.name"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"ad97207d-9f1a-4d60-9db3-0719f5596b29","isTransposed":false},{"columnId":"81df4048-abc0-4b0f-a7ec-9cf28f8cb367","isTransposed":false},{"columnId":"528ff47c-2e2a-40e5-a5be-2983ecff6031","isTransposed":false},{"columnId":"c2e1a93b-7344-40a5-9926-fc15afd832f0","isTransposed":false},{"columnId":"5c038dd2-ec5b-4ef9-8e5c-7c2db912c05a","isTransposed":false}],"layerId":"e980cacd-054a-4c43-95aa-1b036dac04fd","layerType":"data"}},"title":"Endgame - Host Table","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"55edc2d0-68b4-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-e980cacd-054a-4c43-95aa-1b036dac04fd","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1359],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTAzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"IRC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"85b1f890-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1361],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTA0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"bf959cb0-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1363],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTA1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"e4615200-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1365],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTA2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"IRC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG_HoKxQT5EBNmq4KN","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1367],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTA3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"IRC - Destination Country","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.city_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination City\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"},"coreMigrationVersion":"7.16.2","id":"f625b7b0-4a56-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1369],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTA4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"IRC - Command","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"irc_command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}"},"coreMigrationVersion":"7.16.2","id":"7bc09930-4a57-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1371],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTA5LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":8,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"z16.04 - Bro - IRC","version":1},"coreMigrationVersion":"7.16.2","id":"56a34ce0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"85b1f890-35b7-11e7-a994-c528746bc6e8","name":"panel_1","type":"visualization"},{"id":"bf959cb0-35b7-11e7-a994-c528746bc6e8","name":"panel_2","type":"visualization"},{"id":"e4615200-35b7-11e7-a994-c528746bc6e8","name":"panel_3","type":"visualization"},{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"3c073d20-6e17-11e7-8624-1fb07dd76c6a","name":"panel_5","type":"visualization"},{"id":"AWDG_HoKxQT5EBNmq4KN","name":"panel_6","type":"visualization"},{"id":"f625b7b0-4a56-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"},{"id":"7bc09930-4a57-11e8-9b0a-f1d33346f773","name":"panel_8","type":"visualization"}],"sort":[1643385898421,1381],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTEwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"57a9a3f0-34c0-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1383],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTExLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Lease Time","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Lease Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"lease_time.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Lease Time\"}}]}"},"coreMigrationVersion":"7.16.2","id":"58c84f60-0edb-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1385],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTEyLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"46832f84-f86b-4914-a3ac-aaeda9f09cf7":{"columnOrder":["77069155-4e9a-4727-b888-648fed60258e","e7878efe-2181-449d-afd3-771296665829","738c056c-c4eb-4855-a690-90fa5b9e23f8","02c8c47e-9b96-4384-b467-1fd9cff2b78b","d61f74aa-1899-4881-a2cc-d0dc7cbf28df","6de07e81-5ee7-4885-af47-26b401667757","895abdf3-8c99-4473-a904-b379d478aae1","e30b3573-c58d-4b82-853d-70c1d090d641"],"columns":{"02c8c47e-9b96-4384-b467-1fd9cff2b78b":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"process.command_line","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"e30b3573-c58d-4b82-853d-70c1d090d641","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"process.command_line"},"6de07e81-5ee7-4885-af47-26b401667757":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"file.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"e30b3573-c58d-4b82-853d-70c1d090d641","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"file.name"},"738c056c-c4eb-4855-a690-90fa5b9e23f8":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Category","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"e30b3573-c58d-4b82-853d-70c1d090d641","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"event.category"},"77069155-4e9a-4727-b888-648fed60258e":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"event.id (click on + to go to Endgame)","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"e30b3573-c58d-4b82-853d-70c1d090d641","type":"column"},"orderDirection":"desc","otherBucket":true,"size":10},"scale":"ordinal","sourceField":"event.id"},"895abdf3-8c99-4473-a904-b379d478aae1":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"host.domain","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"e30b3573-c58d-4b82-853d-70c1d090d641","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"host.domain"},"d61f74aa-1899-4881-a2cc-d0dc7cbf28df":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"process.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"e30b3573-c58d-4b82-853d-70c1d090d641","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"process.name"},"e30b3573-c58d-4b82-853d-70c1d090d641":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"e7878efe-2181-449d-afd3-771296665829":{"customLabel":true,"dataType":"number","isBucketed":true,"label":"Severity","operationType":"range","params":{"maxBars":"auto","ranges":[{"from":0,"label":"","to":1000}],"type":"histogram"},"scale":"interval","sourceField":"event.severity"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.kind : \"alert\" "},"visualization":{"columns":[{"columnId":"77069155-4e9a-4727-b888-648fed60258e","isTransposed":false},{"alignment":"center","columnId":"e7878efe-2181-449d-afd3-771296665829","isTransposed":false},{"columnId":"738c056c-c4eb-4855-a690-90fa5b9e23f8","isTransposed":false},{"columnId":"02c8c47e-9b96-4384-b467-1fd9cff2b78b","isTransposed":false},{"columnId":"d61f74aa-1899-4881-a2cc-d0dc7cbf28df","isTransposed":false},{"columnId":"6de07e81-5ee7-4885-af47-26b401667757","isTransposed":false},{"columnId":"895abdf3-8c99-4473-a904-b379d478aae1","isTransposed":false},{"columnId":"e30b3573-c58d-4b82-853d-70c1d090d641","hidden":true,"isTransposed":false}],"layerId":"46832f84-f86b-4914-a3ac-aaeda9f09cf7","layerType":"data"}},"title":"Endgame - Alerts with drilldown","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"5a203910-6cbe-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-46832f84-f86b-4914-a3ac-aaeda9f09cf7","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1389],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTEzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Devices - Log Count By Device","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Devices - Log Count By Device\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Device\"}}]}"},"coreMigrationVersion":"7.16.2","id":"5b3988c0-a840-11e7-893a-1b88920b2837","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1391],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTE0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Client Build","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Client Build\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.client_build.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.client_build.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Build\"}}]}"},"coreMigrationVersion":"7.16.2","id":"bdae8640-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1393],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTE1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Security Protocol","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Security Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.security_protocol.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.security_protocol.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}"},"coreMigrationVersion":"7.16.2","id":"dad85840-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1395],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTE2LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:rdp\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"1aacbaf6-078a-4b6e-bbd2-ae21a4974aba\"},\"panelIndex\":\"1aacbaf6-078a-4b6e-bbd2-ae21a4974aba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"8abc0250-1076-45e8-b62b-54dc7dd0cfca\"},\"panelIndex\":\"8abc0250-1076-45e8-b62b-54dc7dd0cfca\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"dc48b27e-f00b-4723-87ab-64f726e51e74\"},\"panelIndex\":\"dc48b27e-f00b-4723-87ab-64f726e51e74\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"da3945b4-9e74-4bb9-8868-a13f1d9bc0d8\"},\"panelIndex\":\"da3945b4-9e74-4bb9-8868-a13f1d9bc0d8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"f4437b55-61ef-4818-a8c4-448407c7052b\"},\"panelIndex\":\"f4437b55-61ef-4818-a8c4-448407c7052b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":8,\"w\":7,\"h\":19,\"i\":\"33630c53-4de4-4064-a319-bd71be01dc06\"},\"panelIndex\":\"33630c53-4de4-4064-a319-bd71be01dc06\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":8,\"w\":7,\"h\":19,\"i\":\"ed8dee78-79d4-47cf-9ed5-6120f00f3aaf\"},\"panelIndex\":\"ed8dee78-79d4-47cf-9ed5-6120f00f3aaf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":8,\"w\":7,\"h\":19,\"i\":\"35083762-4591-44ac-a31f-36bed3414af2\"},\"panelIndex\":\"35083762-4591-44ac-a31f-36bed3414af2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":39,\"y\":8,\"w\":9,\"h\":19,\"i\":\"66e7cf00-ec90-4df3-acd3-02fb271f0959\"},\"panelIndex\":\"66e7cf00-ec90-4df3-acd3-02fb271f0959\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"f84fe347-bdda-4297-b460-eee297f7e91e\"},\"panelIndex\":\"f84fe347-bdda-4297-b460-eee297f7e91e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - RDP","version":1},"coreMigrationVersion":"7.16.2","id":"5b743150-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"bdae8640-75c5-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"dad85840-75c5-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"0c006bb0-75c6-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"2e7363f0-75c6-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_9","type":"search"}],"sort":[1643385898421,1406],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTE3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Nodes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Nodes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"7.16.2","id":"5cba9760-6e9b-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1408],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTE4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Logs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":50}}}}"},"coreMigrationVersion":"7.16.2","id":"e2da1340-53a3-11ec-b3ef-6bcc33056a36","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1411],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTE5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Categories with Full Event Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - Categories with Full Event Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"endgame.event_type_full\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Category\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"row\":true}}"},"coreMigrationVersion":"7.16.2","id":"af1768b0-53ac-11ec-b3ef-6bcc33056a36","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1414],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTIwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"fe254730-eee5-4aff-b672-a83e54b49c12\"},\"panelIndex\":\"fe254730-eee5-4aff-b672-a83e54b49c12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fe254730-eee5-4aff-b672-a83e54b49c12\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":25,\"h\":9,\"i\":\"5e96a8cf-1dab-4df2-a4be-baf960448da4\"},\"panelIndex\":\"5e96a8cf-1dab-4df2-a4be-baf960448da4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5e96a8cf-1dab-4df2-a4be-baf960448da4\"},{\"version\":\"7.16.0\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":0,\"w\":10,\"h\":9,\"i\":\"38c65a86-724b-4c25-818b-1564fbb3793f\"},\"panelIndex\":\"38c65a86-724b-4c25-818b-1564fbb3793f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Alert Count\",\"description\":\"\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"endgame-*\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"endgame-*\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"detection\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"detection\"}}}]}}},\"enhancements\":{},\"type\":\"visualization\"}},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":13,\"h\":16,\"i\":\"680adbf3-9347-4c45-87b8-d87587e38b09\"},\"panelIndex\":\"680adbf3-9347-4c45-87b8-d87587e38b09\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_680adbf3-9347-4c45-87b8-d87587e38b09\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":9,\"w\":25,\"h\":16,\"i\":\"6569d104-bb49-4de6-8d2d-9dc49739b291\"},\"panelIndex\":\"6569d104-bb49-4de6-8d2d-9dc49739b291\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6569d104-bb49-4de6-8d2d-9dc49739b291\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":25,\"w\":48,\"h\":13,\"i\":\"4a354630-93fd-4370-b10f-80386aee6d00\"},\"panelIndex\":\"4a354630-93fd-4370-b10f-80386aee6d00\",\"embeddableConfig\":{\"columns\":[],\"enhancements\":{}},\"panelRefName\":\"panel_4a354630-93fd-4370-b10f-80386aee6d00\"}]","timeRestore":false,"title":"Endgame - Host","version":1},"coreMigrationVersion":"7.16.2","id":"5d8f04d0-53b6-11ec-b3ef-6bcc33056a36","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"e2da1340-53a3-11ec-b3ef-6bcc33056a36","name":"fe254730-eee5-4aff-b672-a83e54b49c12:panel_fe254730-eee5-4aff-b672-a83e54b49c12","type":"visualization"},{"id":"2f7966b0-53a4-11ec-b3ef-6bcc33056a36","name":"5e96a8cf-1dab-4df2-a4be-baf960448da4:panel_5e96a8cf-1dab-4df2-a4be-baf960448da4","type":"visualization"},{"id":"endgame-*","name":"38c65a86-724b-4c25-818b-1564fbb3793f:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"38c65a86-724b-4c25-818b-1564fbb3793f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"3b50b220-53ab-11ec-b3ef-6bcc33056a36","name":"680adbf3-9347-4c45-87b8-d87587e38b09:panel_680adbf3-9347-4c45-87b8-d87587e38b09","type":"visualization"},{"id":"af1768b0-53ac-11ec-b3ef-6bcc33056a36","name":"6569d104-bb49-4de6-8d2d-9dc49739b291:panel_6569d104-bb49-4de6-8d2d-9dc49739b291","type":"visualization"},{"id":"20c85b70-53aa-11ec-b3ef-6bcc33056a36","name":"4a354630-93fd-4370-b10f-80386aee6d00:panel_4a354630-93fd-4370-b10f-80386aee6d00","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1423],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTIxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"MySQL - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"MySQL - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"5d9031a0-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1425],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTIyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Client Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Major Version\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.client_major_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.client_minor_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Minor Version\"}}]}"},"coreMigrationVersion":"7.16.2","id":"5dcf09e0-75c8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1427],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTIzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Connection Information","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Connection Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connect_info.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection Info\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"5df79fe0-3809-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1429],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTI0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Process Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.executable.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process Image\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"process.command_line.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Host - Process Name\"}"},"coreMigrationVersion":"7.16.2","id":"5e18a970-c77f-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1431],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTI1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - URI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"uri.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"5e36c370-3753-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1433],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTI2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp.argument.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.16.2","id":"5fcdb0c0-755f-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1435],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTI3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - FIle Path","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - FIle Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"path.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"60384e00-3aaf-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,1437],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTI4LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"97b747de-fee3-4557-84f6-3d6aecd1f5c7":{"columnOrder":["dccdca2f-fac1-43ce-8c74-d50a8a007366"],"columns":{"dccdca2f-fac1-43ce-8c74-d50a8a007366":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Hosts","operationType":"unique_count","scale":"ratio","sourceField":"host.ip"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"accessor":"dccdca2f-fac1-43ce-8c74-d50a8a007366","layerId":"97b747de-fee3-4557-84f6-3d6aecd1f5c7","layerType":"data"}},"title":"Endgame - Hosts Metric","visualizationType":"lnsMetric"},"coreMigrationVersion":"7.16.2","id":"df2ef610-6a1f-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-97b747de-fee3-4557-84f6-3d6aecd1f5c7","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1441],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTI5LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"fac6e4a9-2d36-463c-b2b0-b451546f6f20":{"columnOrder":["2bea62c1-f8ef-43c3-b9c3-1931437bc5db"],"columns":{"2bea62c1-f8ef-43c3-b9c3-1931437bc5db":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Alerts","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.action","negate":false,"params":{"query":"detection"},"type":"phrase"},"query":{"match_phrase":{"event.action":"detection"}}}],"query":{"language":"kuery","query":""},"visualization":{"accessor":"2bea62c1-f8ef-43c3-b9c3-1931437bc5db","layerId":"fac6e4a9-2d36-463c-b2b0-b451546f6f20","layerType":"data"}},"title":"Endgame - Alerts Metric","visualizationType":"lnsMetric"},"coreMigrationVersion":"7.16.2","id":"d07fce50-6a1f-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-fac6e4a9-2d36-463c-b2b0-b451546f6f20","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1446],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTMwLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"8acd9613-749e-4ecc-a97e-24fa0c586661":{"columnOrder":["8449f044-6a5e-439c-96a6-8512972b0b47","d31636dd-3123-499d-b049-f8f62bf4886c","78001c1d-52c1-42ad-ae15-d7d53f63443d"],"columns":{"78001c1d-52c1-42ad-ae15-d7d53f63443d":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"8449f044-6a5e-439c-96a6-8512972b0b47":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"d31636dd-3123-499d-b049-f8f62bf4886c":{"dataType":"string","isBucketed":true,"label":"Top values of host.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"78001c1d-52c1-42ad-ae15-d7d53f63443d","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"host.name"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["78001c1d-52c1-42ad-ae15-d7d53f63443d"],"layerId":"8acd9613-749e-4ecc-a97e-24fa0c586661","layerType":"data","position":"top","seriesType":"bar_stacked","showGridlines":false,"splitAccessor":"d31636dd-3123-499d-b049-f8f62bf4886c","xAccessor":"8449f044-6a5e-439c-96a6-8512972b0b47"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"Endgame - Logs Over Time","visualizationType":"lnsXY"},"coreMigrationVersion":"7.16.2","id":"82185ff0-696d-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-8acd9613-749e-4ecc-a97e-24fa0c586661","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1450],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTMxLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"9643f560-7a46-408c-b61d-ed2a87fc6103":{"columnOrder":["305b2f21-9981-40d5-a79b-f7a78eea89b4","3520723b-f0f3-4845-975c-e97380d8124b"],"columns":{"305b2f21-9981-40d5-a79b-f7a78eea89b4":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"process.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"3520723b-f0f3-4845-975c-e97380d8124b","type":"column"},"orderDirection":"desc","otherBucket":true,"size":20},"scale":"ordinal","sourceField":"process.name"},"3520723b-f0f3-4845-975c-e97380d8124b":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.category.keyword : \"process\" "},"visualization":{"layers":[{"categoryDisplay":"default","groups":["305b2f21-9981-40d5-a79b-f7a78eea89b4"],"layerId":"9643f560-7a46-408c-b61d-ed2a87fc6103","layerType":"data","legendDisplay":"default","metric":"3520723b-f0f3-4845-975c-e97380d8124b","nestedLegend":false,"numberDisplay":"percent"}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"treemap"}},"title":"Endgame - Processes","visualizationType":"lnsPie"},"coreMigrationVersion":"7.16.2","id":"e2cff350-6ccc-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-9643f560-7a46-408c-b61d-ed2a87fc6103","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1454],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTMyLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"3c3da49b-8bd7-4bda-a105-3ca8d03a92a1":{"columnOrder":["5879e1c5-7dc8-47b4-9e77-fcc86dace366"],"columns":{"5879e1c5-7dc8-47b4-9e77-fcc86dace366":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.category.keyword : \"process\" "},"visualization":{"accessor":"5879e1c5-7dc8-47b4-9e77-fcc86dace366","layerId":"3c3da49b-8bd7-4bda-a105-3ca8d03a92a1","layerType":"data"}},"title":"Endgame - Process Logs","visualizationType":"lnsMetric"},"coreMigrationVersion":"7.16.2","id":"ed1f0300-6cd1-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-3c3da49b-8bd7-4bda-a105-3ca8d03a92a1","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1458],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTMzLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"13fd0aca-d81f-48ad-8ec0-f46d3fc261b9":{"columnOrder":["198cf7c0-6033-4379-bfca-2216fc2b6c1b","17394250-c888-4ac8-aff4-4a735e5d1c54"],"columns":{"17394250-c888-4ac8-aff4-4a735e5d1c54":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"},"198cf7c0-6033-4379-bfca-2216fc2b6c1b":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.category.keyword : \"process\" "},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["17394250-c888-4ac8-aff4-4a735e5d1c54"],"layerId":"13fd0aca-d81f-48ad-8ec0-f46d3fc261b9","layerType":"data","position":"top","seriesType":"area","showGridlines":false,"xAccessor":"198cf7c0-6033-4379-bfca-2216fc2b6c1b"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"area","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"Endgame - Process Log Count Over Time","visualizationType":"lnsXY"},"coreMigrationVersion":"7.16.2","id":"f1e98360-6cd1-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-13fd0aca-d81f-48ad-8ec0-f46d3fc261b9","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1462],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTM0LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"3b6026b4-9c36-4fbc-9f90-bd5580303bea":{"columnOrder":["d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721","ff0a89b4-427d-4739-bb83-86794a1f4289"],"columns":{"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"user.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"ff0a89b4-427d-4739-bb83-86794a1f4289","type":"column"},"orderDirection":"desc","otherBucket":true,"size":20},"scale":"ordinal","sourceField":"user.name"},"ff0a89b4-427d-4739-bb83-86794a1f4289":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.category.keyword : \"process\" "},"visualization":{"columns":[{"columnId":"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721"},{"columnId":"ff0a89b4-427d-4739-bb83-86794a1f4289"}],"layerId":"3b6026b4-9c36-4fbc-9f90-bd5580303bea","layerType":"data"}},"title":"Endgame - Process Users","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"e88fd030-6ccc-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-3b6026b4-9c36-4fbc-9f90-bd5580303bea","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1466],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTM1LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"b4bc52f0-5c52-4bea-97fb-eb59f08750c7":{"columnOrder":["9c1ca31d-300f-4b75-868b-8a44e94694c6","dda96a38-363d-4f03-8c65-3d8376f7050e"],"columns":{"9c1ca31d-300f-4b75-868b-8a44e94694c6":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"event.action","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"dda96a38-363d-4f03-8c65-3d8376f7050e","type":"column"},"orderDirection":"desc","otherBucket":true,"size":10},"scale":"ordinal","sourceField":"event.action"},"dda96a38-363d-4f03-8c65-3d8376f7050e":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.category: \"process\" "},"visualization":{"columns":[{"columnId":"9c1ca31d-300f-4b75-868b-8a44e94694c6"},{"columnId":"dda96a38-363d-4f03-8c65-3d8376f7050e"}],"layerId":"b4bc52f0-5c52-4bea-97fb-eb59f08750c7","layerType":"data"}},"title":"Endgame - Process Actions","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"edca7780-6ccc-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-b4bc52f0-5c52-4bea-97fb-eb59f08750c7","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1470],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTM2LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"c2cf18da-c9a6-487f-9ddb-efd26330a73b":{"columnOrder":["ba18fc18-b228-49c5-b67f-f16d03268eb5","63fe9cc9-dd12-49c3-b6f6-51722074d378","0194a818-8b41-44d5-9081-e0351a922200","e17daf81-0320-4352-84b8-598d1b19f924"],"columns":{"0194a818-8b41-44d5-9081-e0351a922200":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"process.executable","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"e17daf81-0320-4352-84b8-598d1b19f924","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"process.executable"},"63fe9cc9-dd12-49c3-b6f6-51722074d378":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"process.command_line","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"e17daf81-0320-4352-84b8-598d1b19f924","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"process.command_line"},"ba18fc18-b228-49c5-b67f-f16d03268eb5":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"process.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"e17daf81-0320-4352-84b8-598d1b19f924","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"process.name"},"e17daf81-0320-4352-84b8-598d1b19f924":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.category.keyword : \"process\" "},"visualization":{"columns":[{"columnId":"ba18fc18-b228-49c5-b67f-f16d03268eb5","isTransposed":false,"width":243},{"columnId":"63fe9cc9-dd12-49c3-b6f6-51722074d378","isTransposed":false,"width":599},{"columnId":"0194a818-8b41-44d5-9081-e0351a922200","isTransposed":false,"width":771},{"columnId":"e17daf81-0320-4352-84b8-598d1b19f924","isTransposed":false,"width":233}],"layerId":"c2cf18da-c9a6-487f-9ddb-efd26330a73b","layerType":"data"}},"title":"Endgame - Process Information","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"dbb93900-6ccc-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-c2cf18da-c9a6-487f-9ddb-efd26330a73b","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1474],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTM3LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.16.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":11,\"i\":\"26712c83-24f3-4af6-a20e-edab103002fd\"},\"panelIndex\":\"26712c83-24f3-4af6-a20e-edab103002fd\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame Alerts](https://ENDGAMEHOST/alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_26712c83-24f3-4af6-a20e-edab103002fd\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":0,\"w\":11,\"h\":11,\"i\":\"b7feb2b8-999d-433e-9b12-85aacdc61f16\"},\"panelIndex\":\"b7feb2b8-999d-433e-9b12-85aacdc61f16\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Process Logs\",\"panelRefName\":\"panel_b7feb2b8-999d-433e-9b12-85aacdc61f16\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":19,\"y\":0,\"w\":29,\"h\":11,\"i\":\"8b515da9-7c43-4e1a-872f-e92da896933f\"},\"panelIndex\":\"8b515da9-7c43-4e1a-872f-e92da896933f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Process Log Count Over Time\",\"panelRefName\":\"panel_8b515da9-7c43-4e1a-872f-e92da896933f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":11,\"w\":24,\"h\":15,\"i\":\"7837aa9f-dca6-4a7b-9881-65f26b2a5f4f\"},\"panelIndex\":\"7837aa9f-dca6-4a7b-9881-65f26b2a5f4f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Processes\",\"panelRefName\":\"panel_7837aa9f-dca6-4a7b-9881-65f26b2a5f4f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":11,\"w\":10,\"h\":15,\"i\":\"26df0dd7-8042-4e69-a4b1-c8ed5a677f6a\"},\"panelIndex\":\"26df0dd7-8042-4e69-a4b1-c8ed5a677f6a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Process Users\",\"panelRefName\":\"panel_26df0dd7-8042-4e69-a4b1-c8ed5a677f6a\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":11,\"w\":14,\"h\":15,\"i\":\"508bbc67-1a96-465d-b30d-23aecaaf4895\"},\"panelIndex\":\"508bbc67-1a96-465d-b30d-23aecaaf4895\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Process Actions\",\"panelRefName\":\"panel_508bbc67-1a96-465d-b30d-23aecaaf4895\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":14,\"i\":\"a89ab8ad-a272-405f-8db8-4f722bbfeb61\"},\"panelIndex\":\"a89ab8ad-a272-405f-8db8-4f722bbfeb61\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Process Information\",\"panelRefName\":\"panel_a89ab8ad-a272-405f-8db8-4f722bbfeb61\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":40,\"w\":48,\"h\":17,\"i\":\"9248209e-9f35-48c5-958c-3cab215eb410\"},\"panelIndex\":\"9248209e-9f35-48c5-958c-3cab215eb410\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9248209e-9f35-48c5-958c-3cab215eb410\"}]","timeRestore":false,"title":"Endgame - Process","version":1},"coreMigrationVersion":"7.16.2","id":"790991a0-6287-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"26712c83-24f3-4af6-a20e-edab103002fd:panel_26712c83-24f3-4af6-a20e-edab103002fd","type":"visualization"},{"id":"ed1f0300-6cd1-11ec-864c-8b5450f97635","name":"b7feb2b8-999d-433e-9b12-85aacdc61f16:panel_b7feb2b8-999d-433e-9b12-85aacdc61f16","type":"lens"},{"id":"f1e98360-6cd1-11ec-864c-8b5450f97635","name":"8b515da9-7c43-4e1a-872f-e92da896933f:panel_8b515da9-7c43-4e1a-872f-e92da896933f","type":"lens"},{"id":"e2cff350-6ccc-11ec-864c-8b5450f97635","name":"7837aa9f-dca6-4a7b-9881-65f26b2a5f4f:panel_7837aa9f-dca6-4a7b-9881-65f26b2a5f4f","type":"lens"},{"id":"e88fd030-6ccc-11ec-864c-8b5450f97635","name":"26df0dd7-8042-4e69-a4b1-c8ed5a677f6a:panel_26df0dd7-8042-4e69-a4b1-c8ed5a677f6a","type":"lens"},{"id":"edca7780-6ccc-11ec-864c-8b5450f97635","name":"508bbc67-1a96-465d-b30d-23aecaaf4895:panel_508bbc67-1a96-465d-b30d-23aecaaf4895","type":"lens"},{"id":"dbb93900-6ccc-11ec-864c-8b5450f97635","name":"a89ab8ad-a272-405f-8db8-4f722bbfeb61:panel_a89ab8ad-a272-405f-8db8-4f722bbfeb61","type":"lens"},{"id":"424d7a60-6f0b-11ec-864c-8b5450f97635","name":"9248209e-9f35-48c5-958c-3cab215eb410:panel_9248209e-9f35-48c5-958c-3cab215eb410","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1484],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTM4LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"521cff19-8a9b-4da3-9494-488b27d4dd82":{"columnOrder":["8dfaf54f-d93c-4ec7-b0ba-eb0952346f84","34b55020-af44-47dd-8789-141a3bded802","1f3dc877-ccc1-43a6-8405-b2866867032c"],"columns":{"1f3dc877-ccc1-43a6-8405-b2866867032c":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"},"34b55020-af44-47dd-8789-141a3bded802":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"registry.key","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"1f3dc877-ccc1-43a6-8405-b2866867032c","type":"column"},"orderDirection":"desc","otherBucket":true,"size":20},"scale":"ordinal","sourceField":"registry.key"},"8dfaf54f-d93c-4ec7-b0ba-eb0952346f84":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"host.hostname","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"1f3dc877-ccc1-43a6-8405-b2866867032c","type":"column"},"orderDirection":"desc","otherBucket":true,"size":20},"scale":"ordinal","sourceField":"host.name"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.category : \"registry\" "},"visualization":{"columns":[{"columnId":"8dfaf54f-d93c-4ec7-b0ba-eb0952346f84","isTransposed":false},{"columnId":"34b55020-af44-47dd-8789-141a3bded802","isTransposed":false},{"columnId":"1f3dc877-ccc1-43a6-8405-b2866867032c","isTransposed":false}],"layerId":"521cff19-8a9b-4da3-9494-488b27d4dd82","layerType":"data"}},"title":"Endgame - Registry Events","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"e1e12ab0-6cc5-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-521cff19-8a9b-4da3-9494-488b27d4dd82","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1488],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTM5LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.16.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":11,\"h\":9,\"i\":\"64356467-dfe4-4eed-b53d-0cdf0b94f6d0\"},\"panelIndex\":\"64356467-dfe4-4eed-b53d-0cdf0b94f6d0\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame Alerts](https://ENDGAMEHOST/alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_64356467-dfe4-4eed-b53d-0cdf0b94f6d0\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":0,\"w\":15,\"h\":9,\"i\":\"cc23bd7c-9000-4af9-875e-5779794011d0\"},\"panelIndex\":\"cc23bd7c-9000-4af9-875e-5779794011d0\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"panelRefName\":\"panel_cc23bd7c-9000-4af9-875e-5779794011d0\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":26,\"y\":0,\"w\":11,\"h\":9,\"i\":\"276394f1-fa5b-42b2-ab7c-8db18bd367a3\"},\"panelIndex\":\"276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-97b747de-fee3-4557-84f6-3d6aecd1f5c7\"}],\"state\":{\"visualization\":{\"layerId\":\"97b747de-fee3-4557-84f6-3d6aecd1f5c7\",\"accessor\":\"dccdca2f-fac1-43ce-8c74-d50a8a007366\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"97b747de-fee3-4557-84f6-3d6aecd1f5c7\":{\"columns\":{\"dccdca2f-fac1-43ce-8c74-d50a8a007366\":{\"label\":\"Hosts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.ip\",\"isBucketed\":false,\"customLabel\":true}},\"columnOrder\":[\"dccdca2f-fac1-43ce-8c74-d50a8a007366\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":37,\"y\":0,\"w\":11,\"h\":9,\"i\":\"2c8d6219-3e37-47c9-bfb2-9330167ad7b8\"},\"panelIndex\":\"2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-fac6e4a9-2d36-463c-b2b0-b451546f6f20\"},{\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\",\"id\":\"endgame-*\"}],\"state\":{\"visualization\":{\"layerId\":\"fac6e4a9-2d36-463c-b2b0-b451546f6f20\",\"accessor\":\"2bea62c1-f8ef-43c3-b9c3-1931437bc5db\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"detection\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.action\":\"detection\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"fac6e4a9-2d36-463c-b2b0-b451546f6f20\":{\"columns\":{\"2bea62c1-f8ef-43c3-b9c3-1931437bc5db\":{\"label\":\"Alerts\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"2bea62c1-f8ef-43c3-b9c3-1931437bc5db\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":9,\"w\":48,\"h\":13,\"i\":\"f702b2f2-5fc3-4a29-90a6-0d0d223fd358\"},\"panelIndex\":\"f702b2f2-5fc3-4a29-90a6-0d0d223fd358\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f702b2f2-5fc3-4a29-90a6-0d0d223fd358\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":22,\"w\":48,\"h\":14,\"i\":\"93800440-ed84-48b6-8055-c58a5d290ec6\"},\"panelIndex\":\"93800440-ed84-48b6-8055-c58a5d290ec6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-1828f449-a2e9-4ed2-a72c-e6f22382569e\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"e5498d4d-b9af-4016-8afc-e4639ceb6c10\",\"isTransposed\":false},{\"columnId\":\"b76f4623-7690-4ad3-ae68-d19b80a2361a\",\"isTransposed\":false}],\"layerId\":\"1828f449-a2e9-4ed2-a72c-e6f22382569e\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"1828f449-a2e9-4ed2-a72c-e6f22382569e\":{\"columns\":{\"e5498d4d-b9af-4016-8afc-e4639ceb6c10\":{\"label\":\"Top values of host.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":true},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false}},\"b76f4623-7690-4ad3-ae68-d19b80a2361a\":{\"label\":\"Last value of host.ip\",\"dataType\":\"ip\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"host.ip\",\"params\":{\"sortField\":\"@timestamp\"}}},\"columnOrder\":[\"e5498d4d-b9af-4016-8afc-e4639ceb6c10\",\"b76f4623-7690-4ad3-ae68-d19b80a2361a\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":36,\"w\":48,\"h\":14,\"i\":\"f389ba6c-bcad-4564-aca0-e696e2981239\"},\"panelIndex\":\"f389ba6c-bcad-4564-aca0-e696e2981239\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f389ba6c-bcad-4564-aca0-e696e2981239\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":50,\"w\":48,\"h\":18,\"i\":\"1ae20b57-e5db-4e2b-b45b-51132e0892d2\"},\"panelIndex\":\"1ae20b57-e5db-4e2b-b45b-51132e0892d2\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":null},\"panelRefName\":\"panel_1ae20b57-e5db-4e2b-b45b-51132e0892d2\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":68,\"w\":23,\"h\":16,\"i\":\"64991e9b-5624-4d8d-9624-3077e970068f\"},\"panelIndex\":\"64991e9b-5624-4d8d-9624-3077e970068f\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"842ed2f7-3fb1-4c0d-a62c-dd9d06de42da\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Go to Dashboard\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Endgame - Network DNS Requests Chart\",\"panelRefName\":\"panel_64991e9b-5624-4d8d-9624-3077e970068f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":68,\"w\":25,\"h\":16,\"i\":\"d3b35751-4ec0-441c-a399-4c56a38ea9d3\"},\"panelIndex\":\"d3b35751-4ec0-441c-a399-4c56a38ea9d3\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"99f3c946-0494-42aa-a14f-cac5dce6757d\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View in Process Dashboard\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true}}}]}}},\"title\":\"Endgame - Processes\",\"panelRefName\":\"panel_d3b35751-4ec0-441c-a399-4c56a38ea9d3\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":84,\"w\":24,\"h\":15,\"i\":\"77406005-0714-4d8f-a535-79c693437dfe\"},\"panelIndex\":\"77406005-0714-4d8f-a535-79c693437dfe\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Auth Event Outcome\",\"panelRefName\":\"panel_77406005-0714-4d8f-a535-79c693437dfe\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":84,\"w\":24,\"h\":15,\"i\":\"79b433c6-e740-40be-8b5e-02155ee11955\"},\"panelIndex\":\"79b433c6-e740-40be-8b5e-02155ee11955\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b\"},{\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\",\"id\":\"endgame-*\"}],\"state\":{\"visualization\":{\"layerId\":\"e5f77e35-1bc5-4487-9602-e2962cafa87b\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"ade5af28-bac8-4a2d-adff-28580282a9d2\"},{\"isTransposed\":false,\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},{\"columnId\":\"bb5f0057-5e74-4baf-9839-aff53de6d145\",\"isTransposed\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"e5f77e35-1bc5-4487-9602-e2962cafa87b\":{\"columns\":{\"ade5af28-bac8-4a2d-adff-28580282a9d2\":{\"label\":\"Top values of file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}},\"e480935c-b388-48c6-9582-fb4600b462fb\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"bb5f0057-5e74-4baf-9839-aff53de6d145\":{\"label\":\"Top values of file.path\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.path\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}}},\"columnOrder\":[\"ade5af28-bac8-4a2d-adff-28580282a9d2\",\"bb5f0057-5e74-4baf-9839-aff53de6d145\",\"e480935c-b388-48c6-9582-fb4600b462fb\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Endgame - File Name\",\"panelRefName\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":99,\"w\":48,\"h\":15,\"i\":\"812191d7-0fc5-4dba-8cb6-600b9e3ee15c\"},\"panelIndex\":\"812191d7-0fc5-4dba-8cb6-600b9e3ee15c\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Registry Events\",\"panelRefName\":\"panel_812191d7-0fc5-4dba-8cb6-600b9e3ee15c\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":19,\"i\":\"b4898ca9-c99e-4ea2-a269-4e60616f2a4f\"},\"panelIndex\":\"b4898ca9-c99e-4ea2-a269-4e60616f2a4f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b4898ca9-c99e-4ea2-a269-4e60616f2a4f\"}]","timeRestore":false,"title":"Endgame - Admin","version":1},"coreMigrationVersion":"7.16.2","id":"6063a9e0-61b2-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"64356467-dfe4-4eed-b53d-0cdf0b94f6d0:panel_64356467-dfe4-4eed-b53d-0cdf0b94f6d0","type":"visualization"},{"id":"e2da1340-53a3-11ec-b3ef-6bcc33056a36","name":"cc23bd7c-9000-4af9-875e-5779794011d0:panel_cc23bd7c-9000-4af9-875e-5779794011d0","type":"visualization"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"df2ef610-6a1f-11ec-864c-8b5450f97635","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3","type":"lens"},{"id":"endgame-*","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"276394f1-fa5b-42b2-ab7c-8db18bd367a3:indexpattern-datasource-layer-97b747de-fee3-4557-84f6-3d6aecd1f5c7","type":"index-pattern"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"d07fce50-6a1f-11ec-864c-8b5450f97635","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8","type":"lens"},{"id":"endgame-*","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:indexpattern-datasource-layer-fac6e4a9-2d36-463c-b2b0-b451546f6f20","type":"index-pattern"},{"id":"endgame-*","name":"2c8d6219-3e37-47c9-bfb2-9330167ad7b8:filter-index-pattern-0","type":"index-pattern"},{"id":"82185ff0-696d-11ec-864c-8b5450f97635","name":"f702b2f2-5fc3-4a29-90a6-0d0d223fd358:panel_f702b2f2-5fc3-4a29-90a6-0d0d223fd358","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"03935e10-6a20-11ec-864c-8b5450f97635","name":"93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6","type":"lens"},{"id":"endgame-*","name":"93800440-ed84-48b6-8055-c58a5d290ec6:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"93800440-ed84-48b6-8055-c58a5d290ec6:indexpattern-datasource-layer-1828f449-a2e9-4ed2-a72c-e6f22382569e","type":"index-pattern"},{"id":"3ae34620-6258-11ec-864c-8b5450f97635","name":"f389ba6c-bcad-4564-aca0-e696e2981239:panel_f389ba6c-bcad-4564-aca0-e696e2981239","type":"visualization"},{"id":"de389910-6f0a-11ec-864c-8b5450f97635","name":"1ae20b57-e5db-4e2b-b45b-51132e0892d2:panel_1ae20b57-e5db-4e2b-b45b-51132e0892d2","type":"visualization"},{"id":"f30bef10-6328-11ec-864c-8b5450f97635","name":"64991e9b-5624-4d8d-9624-3077e970068f:panel_64991e9b-5624-4d8d-9624-3077e970068f","type":"lens"},{"id":"49d34770-53b2-11ec-b3ef-6bcc33056a36","name":"64991e9b-5624-4d8d-9624-3077e970068f:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:842ed2f7-3fb1-4c0d-a62c-dd9d06de42da:dashboardId","type":"dashboard"},{"id":"e2cff350-6ccc-11ec-864c-8b5450f97635","name":"d3b35751-4ec0-441c-a399-4c56a38ea9d3:panel_d3b35751-4ec0-441c-a399-4c56a38ea9d3","type":"lens"},{"id":"790991a0-6287-11ec-864c-8b5450f97635","name":"d3b35751-4ec0-441c-a399-4c56a38ea9d3:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:99f3c946-0494-42aa-a14f-cac5dce6757d:dashboardId","type":"dashboard"},{"id":"072ae530-6d6c-11ec-864c-8b5450f97635","name":"77406005-0714-4d8f-a535-79c693437dfe:panel_77406005-0714-4d8f-a535-79c693437dfe","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"676296e0-6d6d-11ec-864c-8b5450f97635","name":"79b433c6-e740-40be-8b5e-02155ee11955:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2","type":"lens"},{"id":"endgame-*","name":"79b433c6-e740-40be-8b5e-02155ee11955:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"79b433c6-e740-40be-8b5e-02155ee11955:indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b","type":"index-pattern"},{"id":"endgame-*","name":"79b433c6-e740-40be-8b5e-02155ee11955:filter-index-pattern-0","type":"index-pattern"},{"id":"e1e12ab0-6cc5-11ec-864c-8b5450f97635","name":"812191d7-0fc5-4dba-8cb6-600b9e3ee15c:panel_812191d7-0fc5-4dba-8cb6-600b9e3ee15c","type":"lens"},{"id":"20c85b70-53aa-11ec-b3ef-6bcc33056a36","name":"b4898ca9-c99e-4ea2-a269-4e60616f2a4f:panel_b4898ca9-c99e-4ea2-a269-4e60616f2a4f","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1578],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTQwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Data Types","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Data Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Data Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"60925490-34bf-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1643385898421,1580],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTQxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSL - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"6139edd0-3641-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1582],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTQyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Autoruns - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"bf5ab2d0-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1584],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTQzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Hostname (Tag Cloud)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Autoruns - Hostname (Tag Cloud)\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":10,\"maxFontSize\":30,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"c5d58f60-6d78-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1586],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTQ0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Hostname","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"df5e9e80-6d79-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1588],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTQ1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Launch String","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Launch String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"launch_string.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Launch String\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"cfd94590-6d7a-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1590],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTQ2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Company","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Autoruns - Company\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":14,\"maxFontSize\":36,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"company.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"96105ff0-6d7b-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1592],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTQ3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Signer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Signer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"signer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Signer\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"6cf187b0-6d7c-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1594],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTQ4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Autoruns - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHG1IaxQT5EBNmq4yR","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1596],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTQ5LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":24,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":24,\"y\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":28,\"h\":24,\"x\":20,\"y\":48,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":0,\"y\":48,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":32,\"x\":0,\"y\":120,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"columns\":[\"entry\",\"entry_location\",\"image_path\",\"hostname\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"z16.04 - Autoruns","version":1},"coreMigrationVersion":"7.16.2","id":"61d43810-6d62-11e7-8ddb-e71eb260f4a3","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"bf5ab2d0-6d6b-11e7-ad64-15aa071374a6","name":"panel_1","type":"visualization"},{"id":"482be9b0-6d78-11e7-b09b-f57b22df6524","name":"panel_2","type":"visualization"},{"id":"c5d58f60-6d78-11e7-b09b-f57b22df6524","name":"panel_3","type":"visualization"},{"id":"1cd6a970-6d79-11e7-b09b-f57b22df6524","name":"panel_4","type":"visualization"},{"id":"df5e9e80-6d79-11e7-b09b-f57b22df6524","name":"panel_5","type":"visualization"},{"id":"2ef9ccd0-6d7a-11e7-b09b-f57b22df6524","name":"panel_6","type":"visualization"},{"id":"cfd94590-6d7a-11e7-b09b-f57b22df6524","name":"panel_7","type":"visualization"},{"id":"96105ff0-6d7b-11e7-b09b-f57b22df6524","name":"panel_8","type":"visualization"},{"id":"6cf187b0-6d7c-11e7-b09b-f57b22df6524","name":"panel_9","type":"visualization"},{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"panel_10","type":"search"},{"id":"AWDHG1IaxQT5EBNmq4yR","name":"panel_11","type":"visualization"}],"sort":[1643385898421,1609],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTUwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category.keyword : \\\"registry\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Event.Cat:Registry Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - Event.Cat:Registry Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"coreMigrationVersion":"7.16.2","id":"61f72150-6406-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1612],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTUxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Source Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS Alerts - Source Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"620283e0-3af5-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1614],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTUyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Modbus - Function","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Modbus - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"modbus.function.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"modbus.function.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}}]}"},"coreMigrationVersion":"7.16.2","id":"62449800-75be-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1616],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTUzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Success","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Success\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"coreMigrationVersion":"7.16.2","id":"62969db0-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1618],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTU0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"},"coreMigrationVersion":"7.16.2","id":"62ac4060-6ea0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,1620],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTU1LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"e316de92-6d8b-4ef1-8197-18b0b339413f":{"columnOrder":["7e8c9bea-75f8-4666-be0e-a3c8e96f7739"],"columns":{"7e8c9bea-75f8-4666-be0e-a3c8e96f7739":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"authentication"},"type":"phrase"},"query":{"match_phrase":{"event.category":"authentication"}}}],"query":{"language":"kuery","query":""},"visualization":{"accessor":"7e8c9bea-75f8-4666-be0e-a3c8e96f7739","layerId":"e316de92-6d8b-4ef1-8197-18b0b339413f","layerType":"data"}},"title":"Endgame - Auth Count","visualizationType":"lnsMetric"},"coreMigrationVersion":"7.16.2","id":"63569670-6d6b-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-e316de92-6d8b-4ef1-8197-18b0b339413f","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1625],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTU2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Desktop Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"desktop_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Desktop Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"63c072c0-371f-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1627],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTU3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Drilldown - Rule Signature","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Drilldown - Rule Signature\",\"type\":\"table\",\"params\":{\"perPage\":1,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"schema\":\"metric\",\"params\":{\"field\":\"rule_signature.keyword\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"NIDS Signature\"}}]}"},"coreMigrationVersion":"7.16.2","id":"6533dd40-e064-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1629],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTU4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Syslog - Facility","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Syslog - Facility\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"syslog.facility_label: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog.facility_label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Facility\"}}]}"},"coreMigrationVersion":"7.16.2","id":"e017cb80-777b-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1631],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTU5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Syslog - Severity","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog.severity_label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Syslog - Severity\"}"},"coreMigrationVersion":"7.16.2","id":"9e1a4240-c77a-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1633],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTYwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:syslog\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086\"},\"panelIndex\":\"9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"a3e3afae-dd54-4024-9d09-608a6baecd42\"},\"panelIndex\":\"a3e3afae-dd54-4024-9d09-608a6baecd42\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb\"},\"panelIndex\":\"e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":18,\"i\":\"e1ea8adf-acd8-4577-9c81-1acb711d20ce\"},\"panelIndex\":\"e1ea8adf-acd8-4577-9c81-1acb711d20ce\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":18,\"i\":\"16f2046a-4417-4e78-9699-65d253db78cb\"},\"panelIndex\":\"16f2046a-4417-4e78-9699-65d253db78cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":8,\"w\":11,\"h\":18,\"i\":\"226810af-b55b-4fba-99c8-0c28ca99aa37\"},\"panelIndex\":\"226810af-b55b-4fba-99c8-0c28ca99aa37\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":27,\"y\":8,\"w\":9,\"h\":18,\"i\":\"9cc5fffe-3834-4550-84e3-33d1246f68f6\"},\"panelIndex\":\"9cc5fffe-3834-4550-84e3-33d1246f68f6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":18,\"i\":\"cdad19b0-4f35-4143-8677-0a64a64dbca6\"},\"panelIndex\":\"cdad19b0-4f35-4143-8677-0a64a64dbca6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":29,\"i\":\"b06c2c59-18a2-4e4c-bfc8-b4d496a89d30\"},\"panelIndex\":\"b06c2c59-18a2-4e4c-bfc8-b4d496a89d30\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - Syslog","version":1},"coreMigrationVersion":"7.16.2","id":"66499a20-75ed-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"e017cb80-777b-11ea-bee5-af7f7c7b8e05","name":"panel_6","type":"visualization"},{"id":"9e1a4240-c77a-11ea-bebb-37c5ab5894ea","name":"panel_7","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"search"}],"sort":[1643385898421,1643],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTYxLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"842f61f9-afc4-44dc-a6bd-e3cc66a8827b":{"columnOrder":["2834ba67-2809-442b-b80b-4b17d3a67d43"],"columns":{"2834ba67-2809-442b-b80b-4b17d3a67d43":{"customLabel":true,"dataType":"number","isBucketed":false,"label":" ","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.kind : \"alert\" "},"visualization":{"accessor":"2834ba67-2809-442b-b80b-4b17d3a67d43","layerId":"842f61f9-afc4-44dc-a6bd-e3cc66a8827b","layerType":"data"}},"title":"Endgame - Alerts","visualizationType":"lnsMetric"},"coreMigrationVersion":"7.16.2","id":"668e9130-6cc1-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-842f61f9-afc4-44dc-a6bd-e3cc66a8827b","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1647],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTYyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Query/Answer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Query/Answer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"answers.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"e8e3b8a0-34c1-11e7-917c-af7a9d11771a","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1649],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTYzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alerts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"c7eed4c0-3649-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1651],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTY0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"6ef90c30-34c0-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1653],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTY1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sensors - Sensor and Services (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Sensors - Sensor and Services (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"sensor_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"9c979ea0-345b-11e7-8867-29a39c0f86b2","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1643385898421,1655],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTY2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Top 50 - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Top 50 - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}]}"},"coreMigrationVersion":"7.16.2","id":"73806f30-4948-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1657],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTY3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Top 50 - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Top 50 - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP\"}}]}"},"coreMigrationVersion":"7.16.2","id":"c0de57b0-4948-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1659],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTY4LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":24,\"x\":16,\"y\":120,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":144,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":144,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":180,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":180,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":120,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"columns\":[\"hostname\",\"alert_level\",\"description\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":204,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":12,\"x\":0,\"y\":168,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":144,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":96,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":96,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":0,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_16\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":72,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_17\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":72,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_18\"}]","timeRestore":false,"title":"z16.04 - Indicator","version":1},"coreMigrationVersion":"7.16.2","id":"68563ed0-34bf-11e7-9b32-bb903919ead9","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"60925490-34bf-11e7-9b32-bb903919ead9","name":"panel_1","type":"visualization"},{"id":"e8e3b8a0-34c1-11e7-917c-af7a9d11771a","name":"panel_2","type":"visualization"},{"id":"ae1f1fb0-3648-11e7-bf60-314364dd1cde","name":"panel_3","type":"visualization"},{"id":"d0f56da0-3648-11e7-bf60-314364dd1cde","name":"panel_4","type":"visualization"},{"id":"8ba31820-34c6-11e7-8360-0b86c90983fd","name":"panel_5","type":"visualization"},{"id":"7153e7f0-34c7-11e7-8360-0b86c90983fd","name":"panel_6","type":"visualization"},{"id":"c7eed4c0-3649-11e7-bf60-314364dd1cde","name":"panel_7","type":"visualization"},{"id":"45a652b0-34c1-11e7-917c-af7a9d11771a","name":"panel_8","type":"visualization"},{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"panel_9","type":"search"},{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"panel_10","type":"search"},{"id":"934fe550-6e08-11e7-9370-174c4785d3e1","name":"panel_11","type":"visualization"},{"id":"3f4abb40-6e0a-11e7-84cc-b363f104b3c7","name":"panel_12","type":"visualization"},{"id":"53ac63e0-365b-11e7-8bd0-1db2c55fb7a1","name":"panel_13","type":"visualization"},{"id":"6ef90c30-34c0-11e7-9b32-bb903919ead9","name":"panel_14","type":"visualization"},{"id":"07fdf9e0-39ad-11e7-8472-0151e5b2b475","name":"panel_15","type":"visualization"},{"id":"9c979ea0-345b-11e7-8867-29a39c0f86b2","name":"panel_16","type":"visualization"},{"id":"73806f30-4948-11e8-9576-313be7c6b44b","name":"panel_17","type":"visualization"},{"id":"c0de57b0-4948-11e8-9576-313be7c6b44b","name":"panel_18","type":"visualization"}],"sort":[1643385898421,1679],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTY5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network Data - Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network Data - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"7.16.2","id":"689991b0-6ea7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,1681],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTcwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[25.16517336866393,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Source - Originator Bytes","version":1},"coreMigrationVersion":"7.16.2","id":"68f738e0-46ca-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"05809df0-46cb-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"sort":[1643385898421,1684],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTcxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SNMP - Version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SNMP - Version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"snmp.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Version\"}}]}"},"coreMigrationVersion":"7.16.2","id":"690ef880-75e9-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1686],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTcyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Weird - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"7.16.2","id":"691ade50-4c85-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1688],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTczLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"c97cd4c0-35ba-11e7-b9ee-834112670159","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1690],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTc0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"710ccbf0-35bb-11e7-b9ee-834112670159","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1692],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTc1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Kerberos - Success Status (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Success Status (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"kerberos_success.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"b31231c0-35bb-11e7-b9ee-834112670159","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1694],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTc2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"f0178840-35bb-11e7-b9ee-834112670159","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1696],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTc3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Kerberos - Cipher (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Cipher (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"cipher.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"e3fffae0-3635-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1698],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTc4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"84f28670-3636-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1700],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTc5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"f7c48a20-6e19-11e7-89e4-613b96f597e1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1702],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTgwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Renewable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Renewable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"renewable.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Renewable\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"bb748470-6e1a-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1704],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTgxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Kerberos - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG_UbkxQT5EBNmq4Lg","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1706],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTgyLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":120,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"request_type\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":48,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":48,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":96,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":96,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":96,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":28,\"h\":24,\"x\":0,\"y\":72,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":72,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"}]","timeRestore":false,"title":"z16.04 - Bro - Kerberos","version":1},"coreMigrationVersion":"7.16.2","id":"6b0d4870-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"c97cd4c0-35ba-11e7-b9ee-834112670159","name":"panel_1","type":"visualization"},{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"710ccbf0-35bb-11e7-b9ee-834112670159","name":"panel_3","type":"visualization"},{"id":"b31231c0-35bb-11e7-b9ee-834112670159","name":"panel_4","type":"visualization"},{"id":"f0178840-35bb-11e7-b9ee-834112670159","name":"panel_5","type":"visualization"},{"id":"e3fffae0-3635-11e7-a6f7-4f44d7bf1c33","name":"panel_6","type":"visualization"},{"id":"28d04080-3636-11e7-a6f7-4f44d7bf1c33","name":"panel_7","type":"visualization"},{"id":"3f34faa0-3636-11e7-a6f7-4f44d7bf1c33","name":"panel_8","type":"visualization"},{"id":"84f28670-3636-11e7-a6f7-4f44d7bf1c33","name":"panel_9","type":"visualization"},{"id":"f7c48a20-6e19-11e7-89e4-613b96f597e1","name":"panel_10","type":"visualization"},{"id":"4aa0b2a0-6e1a-11e7-89e4-613b96f597e1","name":"panel_11","type":"visualization"},{"id":"bb748470-6e1a-11e7-b553-7f80727663c1","name":"panel_12","type":"visualization"},{"id":"AWDG_UbkxQT5EBNmq4Lg","name":"panel_13","type":"visualization"}],"sort":[1643385898421,1721],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTgzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Indicator Type (Pie)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Intel - Indicator Type (Pie)\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.indicator_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator Type\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true}}"},"coreMigrationVersion":"7.16.2","id":"6b109430-0e60-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1723],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTg0LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"f792f3cd-4a3c-4788-a3f8-33542035b98e":{"columnOrder":["4aaf35d6-7ed3-4d81-9a7d-85bbc43459c1","c7495830-1f48-4613-a2a1-e9213447910f","3926249d-4707-4e24-a637-7a2b9d046856"],"columns":{"3926249d-4707-4e24-a637-7a2b9d046856":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"},"4aaf35d6-7ed3-4d81-9a7d-85bbc43459c1":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"host.user.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"3926249d-4707-4e24-a637-7a2b9d046856","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"host.user.name"},"c7495830-1f48-4613-a2a1-e9213447910f":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"user.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"3926249d-4707-4e24-a637-7a2b9d046856","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"user.name"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"authentication"},"type":"phrase"},"query":{"match_phrase":{"event.category":"authentication"}}}],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"4aaf35d6-7ed3-4d81-9a7d-85bbc43459c1","isTransposed":false},{"columnId":"c7495830-1f48-4613-a2a1-e9213447910f","isTransposed":false},{"columnId":"3926249d-4707-4e24-a637-7a2b9d046856","isTransposed":false}],"layerId":"f792f3cd-4a3c-4788-a3f8-33542035b98e","layerType":"data"}},"title":"Endgame - Auth Username","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"6b3841e0-6d6b-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-f792f3cd-4a3c-4788-a3f8-33542035b98e","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1728],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTg1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Destination Port","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Sysmon - Destination Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"6b70b840-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1730],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTg2LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"4a1ec78a-56cc-4227-919e-857b47d902dd":{"columnOrder":["fb18d67e-9996-499c-95e1-0e67c91567c8","c8eeb0da-7ef2-40fa-b837-808e4e34c536","56f86bee-5b6e-42b4-92f3-563f7782aa71"],"columns":{"56f86bee-5b6e-42b4-92f3-563f7782aa71":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"c8eeb0da-7ef2-40fa-b837-808e4e34c536":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"fb18d67e-9996-499c-95e1-0e67c91567c8":{"dataType":"string","isBucketed":true,"label":"Top values of event.outcome","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"56f86bee-5b6e-42b4-92f3-563f7782aa71","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"event.outcome"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"authentication"},"type":"phrase"},"query":{"match_phrase":{"event.category":"authentication"}}}],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["56f86bee-5b6e-42b4-92f3-563f7782aa71"],"layerId":"4a1ec78a-56cc-4227-919e-857b47d902dd","layerType":"data","position":"top","seriesType":"bar_stacked","showGridlines":false,"splitAccessor":"fb18d67e-9996-499c-95e1-0e67c91567c8","xAccessor":"c8eeb0da-7ef2-40fa-b837-808e4e34c536"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"Endgame - Auth Logs Over Time","visualizationType":"lnsXY"},"coreMigrationVersion":"7.16.2","id":"6f648670-6d6b-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-4a1ec78a-56cc-4227-919e-857b47d902dd","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1735],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTg3LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"3f16332f-15b4-4f4f-8cd0-3904d1082ad9":{"columnOrder":["ac84ac59-9300-4b99-b002-b9c3bcb375d0","d449a510-00fe-4b24-bd3d-5c9d4e5fc67b"],"columns":{"ac84ac59-9300-4b99-b002-b9c3bcb375d0":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"host.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"d449a510-00fe-4b24-bd3d-5c9d4e5fc67b","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"host.name"},"d449a510-00fe-4b24-bd3d-5c9d4e5fc67b":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count ","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"authentication"},"type":"phrase"},"query":{"match_phrase":{"event.category":"authentication"}}}],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"ac84ac59-9300-4b99-b002-b9c3bcb375d0"},{"columnId":"d449a510-00fe-4b24-bd3d-5c9d4e5fc67b"}],"layerId":"3f16332f-15b4-4f4f-8cd0-3904d1082ad9","layerType":"data"}},"title":"Endgame - Auth Hostname","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"b6bd72c0-6d6b-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-3f16332f-15b4-4f4f-8cd0-3904d1082ad9","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1740],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTg4LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"67aa62dc-542c-4302-b7ca-3f58dcae48bc":{"columnOrder":["c6c215da-4e22-4969-b00a-fb6a0a85eac3","5f851d2a-ab05-4075-9aa3-8d73eb2d0d08"],"columns":{"5f851d2a-ab05-4075-9aa3-8d73eb2d0d08":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"c6c215da-4e22-4969-b00a-fb6a0a85eac3":{"dataType":"string","isBucketed":true,"label":"Top values of event.action","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"5f851d2a-ab05-4075-9aa3-8d73eb2d0d08","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"event.action"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"authentication"},"type":"phrase"},"query":{"match_phrase":{"event.category":"authentication"}}}],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["c6c215da-4e22-4969-b00a-fb6a0a85eac3"],"layerId":"67aa62dc-542c-4302-b7ca-3f58dcae48bc","layerType":"data","legendDisplay":"default","metric":"5f851d2a-ab05-4075-9aa3-8d73eb2d0d08","nestedLegend":false,"numberDisplay":"percent"}],"shape":"donut"}},"title":"Endgame - Auth Event Action (Donut)","visualizationType":"lnsPie"},"coreMigrationVersion":"7.16.2","id":"d3e6cf90-6d6b-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-67aa62dc-542c-4302-b7ca-3f58dcae48bc","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1745],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTg5LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"d00a9d6e-a40e-4051-9999-946bca8cc10a":{"columnOrder":["2ff29508-b249-4b8b-8472-7b287d1a458d","4fbce0f5-b26d-4996-a04a-8f28c03e85e1"],"columns":{"2ff29508-b249-4b8b-8472-7b287d1a458d":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"event.action","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"4fbce0f5-b26d-4996-a04a-8f28c03e85e1","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"event.action"},"4fbce0f5-b26d-4996-a04a-8f28c03e85e1":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"authentication"},"type":"phrase"},"query":{"match_phrase":{"event.category":"authentication"}}}],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"2ff29508-b249-4b8b-8472-7b287d1a458d"},{"columnId":"4fbce0f5-b26d-4996-a04a-8f28c03e85e1"}],"layerId":"d00a9d6e-a40e-4051-9999-946bca8cc10a","layerType":"data"}},"title":"Endgame - Auth Event Action","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"c9b17020-6d6b-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-d00a9d6e-a40e-4051-9999-946bca8cc10a","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1750],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTkwLDE1XQ=="} -{"attributes":{"columns":["host.hostname","user.name","host.ip"],"description":"","grid":{},"hideChart":false,"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"authentication\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"authentication\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Endgame - Authentication Search","version":1},"coreMigrationVersion":"7.16.2","id":"7a1fc780-6f07-11ec-864c-8b5450f97635","migrationVersion":{"search":"7.9.3"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1643385898421,1753],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTkxLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.16.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":10,\"i\":\"16f743b7-687e-43ce-86a5-3ad5c607c1fe\"},\"panelIndex\":\"16f743b7-687e-43ce-86a5-3ad5c607c1fe\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame Alerts](https://ENDGAMEHOST/alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_16f743b7-687e-43ce-86a5-3ad5c607c1fe\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":0,\"w\":14,\"h\":10,\"i\":\"b9a19eb1-8a99-4ba7-89e5-7176371c1365\"},\"panelIndex\":\"b9a19eb1-8a99-4ba7-89e5-7176371c1365\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Count\",\"panelRefName\":\"panel_b9a19eb1-8a99-4ba7-89e5-7176371c1365\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":10,\"i\":\"f16a41be-56eb-4852-b44c-7303c89b3332\"},\"panelIndex\":\"f16a41be-56eb-4852-b44c-7303c89b3332\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Username\",\"panelRefName\":\"panel_f16a41be-56eb-4852-b44c-7303c89b3332\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":10,\"w\":24,\"h\":15,\"i\":\"dc68201b-bd8a-4fe9-9009-68fe91013c9f\"},\"panelIndex\":\"dc68201b-bd8a-4fe9-9009-68fe91013c9f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Logs Over Time\",\"panelRefName\":\"panel_dc68201b-bd8a-4fe9-9009-68fe91013c9f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":10,\"w\":24,\"h\":10,\"i\":\"c394186d-2848-42bf-a521-7ba497a3b3b6\"},\"panelIndex\":\"c394186d-2848-42bf-a521-7ba497a3b3b6\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Hostname\",\"panelRefName\":\"panel_c394186d-2848-42bf-a521-7ba497a3b3b6\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":15,\"i\":\"c08e4616-5f26-4b6a-aa37-9c6a5e27d739\"},\"panelIndex\":\"c08e4616-5f26-4b6a-aa37-9c6a5e27d739\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[]}}},\"title\":\"Endgame - Auth Event Action (Donut)\",\"panelRefName\":\"panel_c08e4616-5f26-4b6a-aa37-9c6a5e27d739\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":10,\"i\":\"d7b3a140-a1a5-48d4-82a5-a84dc3a0285a\"},\"panelIndex\":\"d7b3a140-a1a5-48d4-82a5-a84dc3a0285a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Event Action\",\"panelRefName\":\"panel_d7b3a140-a1a5-48d4-82a5-a84dc3a0285a\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":15,\"i\":\"aa35ad44-a937-4fa6-9444-7bcb1922a167\"},\"panelIndex\":\"aa35ad44-a937-4fa6-9444-7bcb1922a167\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Auth Event Outcome\",\"panelRefName\":\"panel_aa35ad44-a937-4fa6-9444-7bcb1922a167\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":50,\"w\":48,\"h\":18,\"i\":\"ffffbd7a-71f4-4977-bdf2-cad011e281c4\"},\"panelIndex\":\"ffffbd7a-71f4-4977-bdf2-cad011e281c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ffffbd7a-71f4-4977-bdf2-cad011e281c4\"}]","timeRestore":false,"title":"Endgame - Authentication","version":1},"coreMigrationVersion":"7.16.2","id":"6c5aaff0-63f6-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"16f743b7-687e-43ce-86a5-3ad5c607c1fe:panel_16f743b7-687e-43ce-86a5-3ad5c607c1fe","type":"visualization"},{"id":"63569670-6d6b-11ec-864c-8b5450f97635","name":"b9a19eb1-8a99-4ba7-89e5-7176371c1365:panel_b9a19eb1-8a99-4ba7-89e5-7176371c1365","type":"lens"},{"id":"6b3841e0-6d6b-11ec-864c-8b5450f97635","name":"f16a41be-56eb-4852-b44c-7303c89b3332:panel_f16a41be-56eb-4852-b44c-7303c89b3332","type":"lens"},{"id":"6f648670-6d6b-11ec-864c-8b5450f97635","name":"dc68201b-bd8a-4fe9-9009-68fe91013c9f:panel_dc68201b-bd8a-4fe9-9009-68fe91013c9f","type":"lens"},{"id":"b6bd72c0-6d6b-11ec-864c-8b5450f97635","name":"c394186d-2848-42bf-a521-7ba497a3b3b6:panel_c394186d-2848-42bf-a521-7ba497a3b3b6","type":"lens"},{"id":"d3e6cf90-6d6b-11ec-864c-8b5450f97635","name":"c08e4616-5f26-4b6a-aa37-9c6a5e27d739:panel_c08e4616-5f26-4b6a-aa37-9c6a5e27d739","type":"lens"},{"id":"c9b17020-6d6b-11ec-864c-8b5450f97635","name":"d7b3a140-a1a5-48d4-82a5-a84dc3a0285a:panel_d7b3a140-a1a5-48d4-82a5-a84dc3a0285a","type":"lens"},{"id":"072ae530-6d6c-11ec-864c-8b5450f97635","name":"aa35ad44-a937-4fa6-9444-7bcb1922a167:panel_aa35ad44-a937-4fa6-9444-7bcb1922a167","type":"lens"},{"id":"7a1fc780-6f07-11ec-864c-8b5450f97635","name":"ffffbd7a-71f4-4977-bdf2-cad011e281c4:panel_ffffbd7a-71f4-4977-bdf2-cad011e281c4","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1764],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTkyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"6c60a280-76b5-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1643385898421,1766],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTkzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Sysmon - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"8cfdeff0-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1768],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTk0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"7bc74b40-6d71-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1770],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTk1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Event ID (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Sysmon - Event ID (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event_id\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event Type\"}}]}"},"coreMigrationVersion":"7.16.2","id":"e09f6010-6d72-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1772],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTk2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Sysmon - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHHk1sxQT5EBNmq43Y","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"sort":[1643385898421,1774],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTk3LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":8,\"y\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":28,\"y\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":24,\"x\":16,\"y\":72,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":120,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"columns\":[\"event_type\",\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"z16.04 - Sysmon - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"6d189680-6d62-11e7-8ddb-e71eb260f4a3","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"8cfdeff0-6d6b-11e7-ad64-15aa071374a6","name":"panel_1","type":"visualization"},{"id":"0eb1fd80-6d70-11e7-b09b-f57b22df6524","name":"panel_2","type":"visualization"},{"id":"3072c750-6d71-11e7-b09b-f57b22df6524","name":"panel_3","type":"visualization"},{"id":"7bc74b40-6d71-11e7-b09b-f57b22df6524","name":"panel_4","type":"visualization"},{"id":"13ed0810-6d72-11e7-b09b-f57b22df6524","name":"panel_5","type":"visualization"},{"id":"3b6c92c0-6d72-11e7-b09b-f57b22df6524","name":"panel_6","type":"visualization"},{"id":"e09f6010-6d72-11e7-b09b-f57b22df6524","name":"panel_7","type":"visualization"},{"id":"29611940-6d75-11e7-b09b-f57b22df6524","name":"panel_8","type":"visualization"},{"id":"6b70b840-6d75-11e7-b09b-f57b22df6524","name":"panel_9","type":"visualization"},{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"panel_10","type":"search"},{"id":"AWDHHk1sxQT5EBNmq43Y","name":"panel_11","type":"visualization"}],"sort":[1643385898421,1787],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTk4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Action (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Action (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"6f883480-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,1789],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MTk5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.subject.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"coreMigrationVersion":"7.16.2","id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1791],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjAwLDE1XQ=="} -{"attributes":{"buildNum":39457,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":100,"securitySolution:defaultIndex":["apm-*-transaction*","traces-apm*","auditbeat-*","endgame-*","filebeat-*","logs-*","packetbeat-*","winlogbeat-*","*:so-*"],"theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion":"7.16.2","id":"7.16.2","migrationVersion":{"config":"7.13.0"},"references":[],"sort":[1643385898421,1792],"type":"config","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjAxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - MIME Flavors","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - MIME Flavors\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.flavors.mime.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.16.2","id":"70243970-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1794],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjAyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Modbus - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG_9KpxQT5EBNmq4Oo","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1796],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjAzLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"z16.04 - Bro - Modbus","version":1},"coreMigrationVersion":"7.16.2","id":"70c005f0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"0d168a30-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"20eabd60-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"3c65f500-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"178209e0-6e1b-11e7-b553-7f80727663c1","name":"panel_5","type":"visualization"},{"id":"AWDG_9KpxQT5EBNmq4Oo","name":"panel_6","type":"visualization"},{"id":"453f8b90-4a58-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"}],"sort":[1643385898421,1805],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjA0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Chrome Extensions - Change Stats","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"osquery - ChromeExt - Change Stats\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":70}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"osquery.hostIdentifier.keyword\",\"customLabel\":\"Endpoints\"}}]}"},"coreMigrationVersion":"7.16.2","id":"71538370-18d5-11e9-932c-d12d2cf4ee95","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","name":"search_0","type":"search"}],"sort":[1643385898421,1807],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjA1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Total Bytes Per Source/Destination IP Pair","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"total_bytes\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_term\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source IP\",\"field\":\"source_ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"total_bytes\"},\"schema\":\"orderAgg\",\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination IP\",\"field\":\"destination_ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"total_bytes\"},\"schema\":\"orderAgg\",\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Connections - Total Bytes Per Source/Destination IP Pair\",\"type\":\"table\"}"},"coreMigrationVersion":"7.16.2","id":"726cc040-48cf-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1809],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjA2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - File Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - File Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"72f0f010-3aaf-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,1811],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjA3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Log Type Per Sensor/Device","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Log Type Per Sensor/Device\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor/Device\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Log Type\"}}]}"},"coreMigrationVersion":"7.16.2","id":"733ce440-494d-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1813],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjA4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Signing Algorithm","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"X.509 - Certificate Signing Algorithm\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"certificate_signing_algorithm.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Algorithm\"}}]}"},"coreMigrationVersion":"7.16.2","id":"738127f0-37d7-11e7-9efb-91e89505091f","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1815],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjA5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - Command","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - FTP - Command\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ftp.command.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.16.2","id":"d3435690-755f-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1817],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjEwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - User","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"User\",\"field\":\"ftp.user.keyword\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/kibana\",\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\"}}},\"label\":\"ftp.user.keyword: Descending\",\"params\":{}}],\"metrics\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Security Onion - FTP - User\",\"type\":\"table\"}"},"coreMigrationVersion":"7.16.2","id":"8346bc70-7561-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1819],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjExLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - Password","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - FTP - Password\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ftp.password.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp.password.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Password\"}}]}"},"coreMigrationVersion":"7.16.2","id":"bc3e2bd0-7561-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1821],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjEyLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:ftp\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\"},\"panelIndex\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":15,\"h\":8,\"i\":\"1b99097d-a957-4163-9810-263a0e653c18\"},\"panelIndex\":\"1b99097d-a957-4163-9810-263a0e653c18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":8,\"i\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\"},\"panelIndex\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\"},\"panelIndex\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\"},\"panelIndex\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":8,\"w\":13,\"h\":19,\"i\":\"1bf79bc6-8595-41e0-8a7e-2b21bd2bd928\"},\"panelIndex\":\"1bf79bc6-8595-41e0-8a7e-2b21bd2bd928\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":31,\"y\":8,\"w\":17,\"h\":19,\"i\":\"e244437a-17a5-4e00-9176-f4e88ac54938\"},\"panelIndex\":\"e244437a-17a5-4e00-9176-f4e88ac54938\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":22,\"h\":16,\"i\":\"9196bb67-30ad-4a8e-b75f-22a9cced6f35\"},\"panelIndex\":\"9196bb67-30ad-4a8e-b75f-22a9cced6f35\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":27,\"w\":26,\"h\":16,\"i\":\"9da1ff1b-aebe-45fb-9e48-420eafb1b655\"},\"panelIndex\":\"9da1ff1b-aebe-45fb-9e48-420eafb1b655\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":43,\"w\":48,\"h\":28,\"i\":\"c57349cc-4699-4d52-b386-14e1d1260c87\"},\"panelIndex\":\"c57349cc-4699-4d52-b386-14e1d1260c87\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - FTP","version":1},"coreMigrationVersion":"7.16.2","id":"739bfad0-755a-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"d3435690-755f-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"5fcdb0c0-755f-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"8346bc70-7561-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"bc3e2bd0-7561-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_9","type":"search"}],"sort":[1643385898421,1832],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjEzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - \"From\" Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - \\\"From\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mail_from.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"From\\\" Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"73b1b240-39a2-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1834],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjE0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"73f663f0-3753-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1836],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjE1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND highest_registered_domain:securityonion.net~ -securityonion.net\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Phishing Attempts Against Organizational Domain(s)","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 0\":\"rgb(0,104,55)\",\"1 - 999999\":\"rgb(165,0,38)\"}}}","version":1,"visState":"{\"title\":\"DNS - Phishing Attempts Against Organizational Domain(s)\",\"type\":\"gauge\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"gauge\":{\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":0},{\"from\":1,\"to\":999999}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"#333\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"#eee\",\"bgColor\":false,\"subText\":\"Edit this to reflect your domain(s)\",\"fontSize\":60,\"labelColor\":true},\"alignment\":\"horizontal\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Phishing attempts against your domain(s)\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"74861280-6f06-11e7-b253-211f64f37eda","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1838],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjE2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Cookie","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"cookie.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Cookie\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"75597b60-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1840],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjE3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Tunnels - Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Tunnels - Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"tunnel.type.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tunnel.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"coreMigrationVersion":"7.16.2","id":"781447d0-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1842],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjE4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Indicator Type (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Intel - Indicator Type (Donut)\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.indicator_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator Type\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true}}"},"coreMigrationVersion":"7.16.2","id":"78185810-0e61-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1844],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjE5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Chrome Extensions - Sensitive Permissions","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"osquery - Chrome Extensions - Sensitive Permissions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.columns.name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Extension Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.columns.permissions.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Permissions\"}}]}"},"coreMigrationVersion":"7.16.2","id":"78cf8bf0-1a59-11e9-ac0b-cb0ba10141ab","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"040dda10-18d8-11e9-932c-d12d2cf4ee95","name":"search_0","type":"search"}],"sort":[1643385898421,1846],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjIwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"MySQL - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"MySQL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHBRrrxQT5EBNmq4TI","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1848],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjIxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"MySQL - Response","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"MySQL - Response\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"response.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response\"}}]}"},"coreMigrationVersion":"7.16.2","id":"9c411ad0-4a58-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1850],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjIyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"MySQL - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"MySQL - Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql_success.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"c48925a0-4a58-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1852],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjIzLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"z16.04 - Bro - MySQL","version":1},"coreMigrationVersion":"7.16.2","id":"7929f430-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"5d9031a0-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"07e25650-3812-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"panel_3","type":"search"},{"id":"AWDHBRrrxQT5EBNmq4TI","name":"panel_4","type":"visualization"},{"id":"9c411ad0-4a58-11e8-9b0a-f1d33346f773","name":"panel_5","type":"visualization"},{"id":"c48925a0-4a58-11e8-9b0a-f1d33346f773","name":"panel_6","type":"visualization"}],"sort":[1643385898421,1860],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjI0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FIle - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - FIle - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Name\"}}]}"},"coreMigrationVersion":"7.16.2","id":"7a88adc0-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1862],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjI1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Client Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_major_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_minor_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"7c1e3f70-6e22-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1864],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjI2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMTP - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"7c922990-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1866],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjI3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_http AND _exists_:virtual_host_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"HTTP - Virtual Host Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Virtual Host Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"virtual_host_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Virtual Host\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"7d1ede50-6f19-11e7-86c8-a1b6db3b051a","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1868],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjI4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - Authentication Sucess","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Authentication Sucess\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.authentication.success: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.authentication.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"coreMigrationVersion":"7.16.2","id":"7d61f430-75ea-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1870],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjI5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"7dc62970-6e2a-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1872],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjMwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Machine","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"PE - Machine\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"machine.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Machine\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"7de76e10-6e1f-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1874],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjMxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:highest_registered_domain_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Highest Registered Domain Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Highest Registered Domain Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"highest_registered_domain_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"7f1f00a0-6f04-11e7-b253-211f64f37eda","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1876],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjMyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alerts Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS - Alerts Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"d58ec1a0-34e4-11e7-9669-7f1d3242b798","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1878],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjMzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS Alerts - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"a6df8820-399f-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1880],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjM0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS Alerts - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"db04aef0-399f-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1882],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjM1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Severity (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS Alerts - Severity (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"priority.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Priority\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"ba60bcf0-3af5-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1884],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjM2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alerts By Country (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"NIDS - Alerts By Country (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"81de16f0-6e0f-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1886],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjM3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alert Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"NIDS - Alert Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG3ym0xQT5EBNmq3mG","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1888],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjM4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Alert Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Alert Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"},"coreMigrationVersion":"7.16.2","id":"96c2cf10-4a3d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1890],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjM5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Classification","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Classification\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"classification.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Classification\"}}]}"},"coreMigrationVersion":"7.16.2","id":"d66d54c0-4c89-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1892],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjQwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":68,\"x\":0,\"y\":120,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":96,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":96,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":72,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":12,\"x\":8,\"y\":32,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":44,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":72,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"z16.04 - NIDS","version":1},"coreMigrationVersion":"7.16.2","id":"7f27a830-34e5-11e7-9669-7f1d3242b798","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"d58ec1a0-34e4-11e7-9669-7f1d3242b798","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"a6df8820-399f-11e7-8472-0151e5b2b475","name":"panel_3","type":"visualization"},{"id":"db04aef0-399f-11e7-8472-0151e5b2b475","name":"panel_4","type":"visualization"},{"id":"620283e0-3af5-11e7-a83b-b1b4da7d15f4","name":"panel_5","type":"visualization"},{"id":"ba60bcf0-3af5-11e7-a83b-b1b4da7d15f4","name":"panel_6","type":"visualization"},{"id":"45464b50-3af6-11e7-a83b-b1b4da7d15f4","name":"panel_7","type":"visualization"},{"id":"81de16f0-6e0f-11e7-8624-1fb07dd76c6a","name":"panel_8","type":"visualization"},{"id":"AWDG3ym0xQT5EBNmq3mG","name":"panel_9","type":"visualization"},{"id":"96c2cf10-4a3d-11e8-9b0a-f1d33346f773","name":"panel_10","type":"visualization"},{"id":"3f040620-4a44-11e8-9b0a-f1d33346f773","name":"panel_11","type":"visualization"},{"id":"d66d54c0-4c89-11e8-9b0a-f1d33346f773","name":"panel_12","type":"visualization"}],"sort":[1643385898421,1906],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjQxLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"7da5ad1e-8383-4383-9a2c-dfa2fc91eea5":{"columnOrder":["0592df0d-869f-422f-ba64-848d9e3b5e66","a451bb62-c37e-4924-9c6a-fea87810af73","0c7b1b6a-1659-4cf8-97b2-9f3e0a4e14e1"],"columns":{"0592df0d-869f-422f-ba64-848d9e3b5e66":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Logs Over Time By Top 10 Hosts","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"0c7b1b6a-1659-4cf8-97b2-9f3e0a4e14e1","type":"column"},"orderDirection":"desc","otherBucket":true,"size":10},"scale":"ordinal","sourceField":"host.name"},"0c7b1b6a-1659-4cf8-97b2-9f3e0a4e14e1":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"a451bb62-c37e-4924-9c6a-fea87810af73":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"accessors":["0c7b1b6a-1659-4cf8-97b2-9f3e0a4e14e1"],"layerId":"7da5ad1e-8383-4383-9a2c-dfa2fc91eea5","layerType":"data","position":"top","seriesType":"line","showGridlines":false,"splitAccessor":"0592df0d-869f-422f-ba64-848d9e3b5e66","xAccessor":"a451bb62-c37e-4924-9c6a-fea87810af73"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"line","title":"Empty XY chart","valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"Endgame - Logs Over Time By Top 10 Hosts","visualizationType":"lnsXY"},"coreMigrationVersion":"7.16.2","id":"7f34e6e0-624d-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-7da5ad1e-8383-4383-9a2c-dfa2fc91eea5","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,1910],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjQyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Destination - Top Connection Duration (Tile Map)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Destination - Top Connection Duration (Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"duration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"7f7492d0-46c4-11e7-a82e-d97152153689","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1912],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjQzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - MAC","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Host - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.mac.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC\"}}]}"},"coreMigrationVersion":"7.16.2","id":"eaa31ba0-7374-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1914],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjQ0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Requested Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Requested Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.requested_address.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Requested Address\"}}]}"},"coreMigrationVersion":"7.16.2","id":"9a693c50-7374-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1916],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjQ1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Assigned Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Assigned Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.assigned_ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Assigned Address\"}}]}"},"coreMigrationVersion":"7.16.2","id":"cc3aaf20-7374-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1918],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjQ2LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:dhcp\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"7e10f47b-2096-452d-9b40-be150226504f\"},\"panelIndex\":\"7e10f47b-2096-452d-9b40-be150226504f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":10,\"h\":9,\"i\":\"a795e5b9-2afd-43ef-91db-cd9c23a996f9\"},\"panelIndex\":\"a795e5b9-2afd-43ef-91db-cd9c23a996f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":9,\"i\":\"d0f65b83-17cd-4a8c-950d-06e5e88bf80b\"},\"panelIndex\":\"d0f65b83-17cd-4a8c-950d-06e5e88bf80b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":20,\"i\":\"c5565d1e-719c-4401-b886-1ad84638b855\"},\"panelIndex\":\"c5565d1e-719c-4401-b886-1ad84638b855\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":20,\"i\":\"ada9481a-335b-4091-ac4e-5f94c96e4cea\"},\"panelIndex\":\"ada9481a-335b-4091-ac4e-5f94c96e4cea\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":20,\"i\":\"bcba795f-8008-4f91-887d-35b5aff11022\"},\"panelIndex\":\"bcba795f-8008-4f91-887d-35b5aff11022\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":7,\"h\":20,\"i\":\"a9615bc2-7e50-4a88-be1c-53eb7096e093\"},\"panelIndex\":\"a9615bc2-7e50-4a88-be1c-53eb7096e093\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":31,\"y\":9,\"w\":17,\"h\":20,\"i\":\"87dce718-7595-4bb0-b1be-b2f51518f026\"},\"panelIndex\":\"87dce718-7595-4bb0-b1be-b2f51518f026\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":29,\"w\":48,\"h\":29,\"i\":\"4f1bdb3c-15b5-4d72-bc4f-96a266423272\"},\"panelIndex\":\"4f1bdb3c-15b5-4d72-bc4f-96a266423272\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - DHCP","version":1},"coreMigrationVersion":"7.16.2","id":"80625c10-96dd-11ea-814e-bb515e873c2c","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"eaa31ba0-7374-11ea-a3da-cbdb4f8a90c0","name":"panel_3","type":"visualization"},{"id":"9a693c50-7374-11ea-a3da-cbdb4f8a90c0","name":"panel_4","type":"visualization"},{"id":"cc3aaf20-7374-11ea-a3da-cbdb4f8a90c0","name":"panel_5","type":"visualization"},{"id":"2af5f980-96e2-11ea-814e-bb515e873c2c","name":"panel_6","type":"visualization"},{"id":"36200e40-c76b-11ea-bebb-37c5ab5894ea","name":"panel_7","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"search"}],"sort":[1643385898421,1928],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjQ3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"PE - Subsystem (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"PE - Subsystem (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"subsystem.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"807da390-380c-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1930],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjQ4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - PE - Subsytem","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.subsystem.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subsystem\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - PE - Subsytem\"}"},"coreMigrationVersion":"7.16.2","id":"80a39cb0-c762-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1932],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjQ5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Success\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.success: Descending\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"coreMigrationVersion":"7.16.2","id":"80aa0c60-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1934],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjUwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - SID","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - SID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.uuid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Rule ID\"}}]}"},"coreMigrationVersion":"7.16.2","id":"a47ffc70-96f0-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1936],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjUxLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:alert AND event.module:suricata\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":8,\"i\":\"afb23064-13dc-4b97-b1be-cf672a6cfb56\"},\"panelIndex\":\"afb23064-13dc-4b97-b1be-cf672a6cfb56\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":8,\"i\":\"67961875-85aa-443b-9cac-130c8783cd8d\"},\"panelIndex\":\"67961875-85aa-443b-9cac-130c8783cd8d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":8,\"i\":\"44bf55fb-18d8-4ae6-a15a-902042d3623c\"},\"panelIndex\":\"44bf55fb-18d8-4ae6-a15a-902042d3623c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":8,\"w\":19,\"h\":20,\"i\":\"cedf23aa-c331-496a-bf27-7c9c8f587d80\"},\"panelIndex\":\"cedf23aa-c331-496a-bf27-7c9c8f587d80\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":19,\"y\":8,\"w\":9,\"h\":20,\"i\":\"a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b\"},\"panelIndex\":\"a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":28,\"y\":8,\"w\":10,\"h\":20,\"i\":\"ab088b32-c40e-4a1c-9dcd-758c1ad97edc\"},\"panelIndex\":\"ab088b32-c40e-4a1c-9dcd-758c1ad97edc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":20,\"i\":\"2faea405-e4d3-488b-adfa-373b135d2122\"},\"panelIndex\":\"2faea405-e4d3-488b-adfa-373b135d2122\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":28,\"w\":19,\"h\":18,\"i\":\"728a4c22-9a7e-4152-a4d6-eed2d728abb8\"},\"panelIndex\":\"728a4c22-9a7e-4152-a4d6-eed2d728abb8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":19,\"y\":28,\"w\":19,\"h\":18,\"i\":\"32459b34-f7be-4ac0-a672-7a9697ce3bca\"},\"panelIndex\":\"32459b34-f7be-4ac0-a672-7a9697ce3bca\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":38,\"y\":28,\"w\":10,\"h\":18,\"i\":\"0681c2c1-531d-4f5e-a73f-8382789cbd14\"},\"panelIndex\":\"0681c2c1-531d-4f5e-a73f-8382789cbd14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":46,\"w\":48,\"h\":20,\"i\":\"b7ad7fb7-60d2-4a1c-b71a-c438626507af\"},\"panelIndex\":\"b7ad7fb7-60d2-4a1c-b71a-c438626507af\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - Alerts - Suricata","version":1},"coreMigrationVersion":"7.16.2","id":"81057f40-7733-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"a37b9fa0-72b0-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"visualization"},{"id":"a47ffc70-96f0-11ea-814e-bb515e873c2c","name":"panel_9","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_10","type":"search"}],"sort":[1643385898421,1948],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjUyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Response From","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Response From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.response.from.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.response.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Response From\"}}]}"},"coreMigrationVersion":"7.16.2","id":"81a1a740-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1950],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjUzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"8261cf00-366e-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1952],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjU0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SNMP - Community String","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"community.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Community String\"}}]}"},"coreMigrationVersion":"7.16.2","id":"83a91450-4c79-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1954],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjU1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network Data Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network Data Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":true},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":true,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"intervalESValue\":30,\"intervalESUnit\":\"m\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-03-24T15:15:25.819Z\",\"max\":\"2020-03-25T15:15:25.819Z\"}},\"label\":\"@timestamp per 30 minutes\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"7.16.2","id":"8491c4b0-6eab-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,1956],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjU2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DHCP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"e9a7fe80-357b-11e7-ac34-8965f6420c51","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1958],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjU3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DHCP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG80RwxQT5EBNmq38x","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1960],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjU4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Message Types","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Message Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message_types.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message Types\"}}]}"},"coreMigrationVersion":"7.16.2","id":"a88e1020-0edb-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1962],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjU5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Domain Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Domain Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"domain_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain Name\"}}]}"},"coreMigrationVersion":"7.16.2","id":"ce859b40-0edb-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1964],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjYwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":76,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":21,\"y\":52,\"w\":13,\"h\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":52,\"w\":13,\"h\":24,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":25,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":76,\"w\":48,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":34,\"y\":52,\"w\":14,\"h\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":33,\"w\":26,\"h\":19,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":34,\"y\":33,\"w\":14,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"z16.04 - Bro - DHCP","version":1},"coreMigrationVersion":"7.16.2","id":"85348270-357b-11e7-ac34-8965f6420c51","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"e9a7fe80-357b-11e7-ac34-8965f6420c51","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"1055ada0-3655-11e7-baa7-b7de4ee40605","name":"panel_2","type":"visualization"},{"id":"317f8410-3655-11e7-baa7-b7de4ee40605","name":"panel_3","type":"visualization"},{"id":"AWDG80RwxQT5EBNmq38x","name":"panel_4","type":"visualization"},{"id":"4e877100-4a48-11e8-9b0a-f1d33346f773","name":"panel_5","type":"visualization"},{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"panel_6","type":"search"},{"id":"58c84f60-0edb-11e9-9846-59f545e7293f","name":"panel_7","type":"visualization"},{"id":"a88e1020-0edb-11e9-9846-59f545e7293f","name":"panel_8","type":"visualization"},{"id":"ce859b40-0edb-11e9-9846-59f545e7293f","name":"panel_9","type":"visualization"}],"sort":[1643385898421,1975],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjYxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Indicator","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Intel - Indicator\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.indicator.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"row\":true,\"showToolbar\":true}}"},"coreMigrationVersion":"7.16.2","id":"db8c57c0-0e5c-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1977],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjYyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Intel - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.sources.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"7.16.2","id":"b4222d00-0e60-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1979],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjYzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Intel - Seen Where","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Intel - Seen Where\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.seen_where.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen Where\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"7.16.2","id":"ec57d300-0e60-11eb-a255-e1e8e85e3571","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1981],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjY0LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:intel\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"a9613b03-8b84-4149-9dfa-5b059c1e0e70\"},\"panelIndex\":\"a9613b03-8b84-4149-9dfa-5b059c1e0e70\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":9,\"i\":\"77e957c4-13ac-480c-b799-0bd39559781b\"},\"panelIndex\":\"77e957c4-13ac-480c-b799-0bd39559781b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":9,\"i\":\"722a0294-a47b-4cd1-85c0-37f9933552c5\"},\"panelIndex\":\"722a0294-a47b-4cd1-85c0-37f9933552c5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":21,\"i\":\"a008c6c0-0e76-4dc6-802b-72d68ad0c10d\"},\"panelIndex\":\"a008c6c0-0e76-4dc6-802b-72d68ad0c10d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":10,\"y\":9,\"w\":10,\"h\":21,\"i\":\"0adce98b-c9e8-469b-8cac-fb4ceb35b68a\"},\"panelIndex\":\"0adce98b-c9e8-469b-8cac-fb4ceb35b68a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":20,\"y\":9,\"w\":13,\"h\":21,\"i\":\"2b95ef19-525e-4659-8ab3-67cb0e9dc41a\"},\"panelIndex\":\"2b95ef19-525e-4659-8ab3-67cb0e9dc41a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":21,\"i\":\"bde38fe7-9aec-4e19-b9fe-035ee6a66ef7\"},\"panelIndex\":\"bde38fe7-9aec-4e19-b9fe-035ee6a66ef7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":30,\"w\":24,\"h\":15,\"i\":\"2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0\"},\"panelIndex\":\"2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":30,\"w\":24,\"h\":15,\"i\":\"79c4ec17-8411-49d8-82af-6921a321dd3b\"},\"panelIndex\":\"79c4ec17-8411-49d8-82af-6921a321dd3b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":34,\"i\":\"779d2461-4d8a-4254-b380-26650a52a026\"},\"panelIndex\":\"779d2461-4d8a-4254-b380-26650a52a026\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - Intel","version":1},"coreMigrationVersion":"7.16.2","id":"85b529a0-0e5a-11eb-a255-e1e8e85e3571","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"db8c57c0-0e5c-11eb-a255-e1e8e85e3571","name":"panel_5","type":"visualization"},{"id":"b4222d00-0e60-11eb-a255-e1e8e85e3571","name":"panel_6","type":"visualization"},{"id":"6b109430-0e60-11eb-a255-e1e8e85e3571","name":"panel_7","type":"visualization"},{"id":"ec57d300-0e60-11eb-a255-e1e8e85e3571","name":"panel_8","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_9","type":"search"}],"sort":[1643385898421,1992],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjY1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"85e40a70-3aac-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,1994],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjY2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Authentication Status (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RFB - Authentication Status (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"auth.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Status\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"869e3030-371e-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,1996],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjY3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Modbus - Exception","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Modbus - Exception\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"modbus.exception.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"modbus.exception.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Exception\"}}]}"},"coreMigrationVersion":"7.16.2","id":"93cdb730-75be-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,1998],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjY4LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:modbus\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"dcdc1d0b-bec1-402d-a34b-39464e9a2749\"},\"panelIndex\":\"dcdc1d0b-bec1-402d-a34b-39464e9a2749\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"ccbb40c9-d2e4-4592-a91f-b1f6912a35f9\"},\"panelIndex\":\"ccbb40c9-d2e4-4592-a91f-b1f6912a35f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"32fd8cfa-64ad-41d7-b4f7-2c71f351916a\"},\"panelIndex\":\"32fd8cfa-64ad-41d7-b4f7-2c71f351916a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":19,\"i\":\"b15f438a-6f24-4099-90e6-d66f950029bc\"},\"panelIndex\":\"b15f438a-6f24-4099-90e6-d66f950029bc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":19,\"i\":\"089f29d5-cf23-4b6a-8b80-27911ffd6b1a\"},\"panelIndex\":\"089f29d5-cf23-4b6a-8b80-27911ffd6b1a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":8,\"w\":14,\"h\":19,\"i\":\"4154e8b1-e314-4623-aaf4-0404a108551a\"},\"panelIndex\":\"4154e8b1-e314-4623-aaf4-0404a108551a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":19,\"i\":\"8acbc44d-4fe2-42b0-a6e9-4a3bc4e4aeb6\"},\"panelIndex\":\"8acbc44d-4fe2-42b0-a6e9-4a3bc4e4aeb6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"c4d3c93a-746f-4edc-835c-66f1380fc5d4\"},\"panelIndex\":\"c4d3c93a-746f-4edc-835c-66f1380fc5d4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Modbus","version":1},"coreMigrationVersion":"7.16.2","id":"886a7b90-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"62449800-75be-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"93cdb730-75be-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1643385898421,2007],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjY5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"PE - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"9cffd160-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2009],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjcwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"PE - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHCUeZxQT5EBNmq4Xy","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2011],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjcxLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"columns\":[\"fuid\",\"machine\",\"is_exe\",\"is_64bit\",\"subsystem\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"z16.04 - Bro - PE","version":1},"coreMigrationVersion":"7.16.2","id":"8a10e380-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"9cffd160-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"45c4ae10-380c-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"807da390-380c-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"4e56b4d0-416f-11e7-9850-b78558d0ac17","name":"panel_5","type":"visualization"},{"id":"7de76e10-6e1f-11e7-b553-7f80727663c1","name":"panel_6","type":"visualization"},{"id":"AWDHCUeZxQT5EBNmq4Xy","name":"panel_7","type":"visualization"}],"sort":[1643385898421,2020],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjcyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"8a60eb50-365f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2022],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjczLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - HASSH","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSH - HASSH\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.hassh.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.16.2","id":"8afa5f50-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2024],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjc0LDE1XQ=="} -{"attributes":{"description":"based on the Endgame - Categories with Full Event Type viz, modded by rlp 20211220","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - Event Categories","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}","version":1,"visState":"{\"title\":\"Endgame - Event Categories\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"event.category\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"row\":true}}"},"coreMigrationVersion":"7.16.2","id":"8b3bb5c0-61af-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,2027],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjc1LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"129a936c-78f7-4b8a-91a7-712c80565727":{"columnOrder":["4335200b-f044-42ae-88fb-5a21866cebe0","b9c21cd1-839b-4e12-b602-b834e52e378e","4c86d61d-2f88-4bfc-b2be-474179593cba"],"columns":{"4335200b-f044-42ae-88fb-5a21866cebe0":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"type","operationType":"terms","params":{"missingBucket":true,"orderBy":{"columnId":"4c86d61d-2f88-4bfc-b2be-474179593cba","type":"column"},"orderDirection":"desc","otherBucket":true,"size":10},"scale":"ordinal","sourceField":"type"},"4c86d61d-2f88-4bfc-b2be-474179593cba":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"},"b9c21cd1-839b-4e12-b602-b834e52e378e":{"customLabel":true,"dataType":"ip","isBucketed":true,"label":"host.ip","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"4c86d61d-2f88-4bfc-b2be-474179593cba","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"host.ip"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"registry"},"type":"phrase"},"query":{"match_phrase":{"event.category":"registry"}}}],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"4335200b-f044-42ae-88fb-5a21866cebe0","isTransposed":false},{"columnId":"b9c21cd1-839b-4e12-b602-b834e52e378e","isTransposed":false},{"columnId":"4c86d61d-2f88-4bfc-b2be-474179593cba","isTransposed":false}],"layerId":"129a936c-78f7-4b8a-91a7-712c80565727","layerType":"data"}},"title":"Endgame - Registry Type","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"8d1f99e0-6e45-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-129a936c-78f7-4b8a-91a7-712c80565727","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,2032],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjc2LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"3b6026b4-9c36-4fbc-9f90-bd5580303bea":{"columnOrder":["d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721","ff0a89b4-427d-4739-bb83-86794a1f4289"],"columns":{"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"user.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"ff0a89b4-427d-4739-bb83-86794a1f4289","type":"column"},"orderDirection":"desc","otherBucket":true,"size":20},"scale":"ordinal","sourceField":"user.name"},"ff0a89b4-427d-4739-bb83-86794a1f4289":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.kind : \"alert\" "},"visualization":{"columns":[{"columnId":"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721"},{"columnId":"ff0a89b4-427d-4739-bb83-86794a1f4289"}],"layerId":"3b6026b4-9c36-4fbc-9f90-bd5580303bea","layerType":"data"}},"title":"Endgame - Alerted Users","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"8da24210-6cbe-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-3b6026b4-9c36-4fbc-9f90-bd5580303bea","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,2036],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjc3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Notice Generated (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Weird - Notice Generated (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"notice.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"8dbbbed0-364e-11e7-9dc3-d35061cb642d","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2038],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjc4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Client Build","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Client Build\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client_build.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client Build\"}}]}"},"coreMigrationVersion":"7.16.2","id":"8e18ee60-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2040],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjc5LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"367cf35f-001a-4014-acc6-677bc504a945":{"columnOrder":["6170616f-f2d9-47b9-8bdd-aeb746b4b2cb","217236ba-3def-46da-8aa0-3c41d3484a50"],"columns":{"217236ba-3def-46da-8aa0-3c41d3484a50":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"6170616f-f2d9-47b9-8bdd-aeb746b4b2cb":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"event.type","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"217236ba-3def-46da-8aa0-3c41d3484a50","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"event.type"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"file"},"type":"phrase"},"query":{"match_phrase":{"event.category":"file"}}}],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"6170616f-f2d9-47b9-8bdd-aeb746b4b2cb"},{"columnId":"217236ba-3def-46da-8aa0-3c41d3484a50"}],"layerId":"367cf35f-001a-4014-acc6-677bc504a945","layerType":"data"}},"title":"Endgame - File Event Type","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"8f2285f0-6d6d-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-367cf35f-001a-4014-acc6-677bc504a945","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,2045],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjgwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:certificate_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"SSL - Certificate Common Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"certificate_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"8fa702e0-6f0b-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2047],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjgxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Files - MIME Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Files - MIME Type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.mimetype.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"file.mimetype.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MIMEType\"}}]}"},"coreMigrationVersion":"7.16.2","id":"8fb3c480-75f2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2049],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjgyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"All Sensors - Log Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"All Sensors - Log Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Log Type(s)\"}}]}"},"coreMigrationVersion":"7.16.2","id":"901bda80-a83f-11e7-893a-1b88920b2837","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"sort":[1643385898421,2051],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjgzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RADIUS - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"ccb3e270-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2053],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjg0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"b48442b0-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2055],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjg1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"cea78b70-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2057],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjg2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"b0456970-6e1f-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2059],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjg3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"RADIUS - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHCgWzxQT5EBNmq4Y5","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2061],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjg4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RADIUS - Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"},"coreMigrationVersion":"7.16.2","id":"e827bab0-4a5a-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2063],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjg5LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":56,\"w\":24,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":56,\"w\":24,\"h\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":24,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":24,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"z16.04 - Bro - RADIUS","version":1},"coreMigrationVersion":"7.16.2","id":"90b246c0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"ccb3e270-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"b48442b0-3808-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"cea78b70-3808-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"10cd7190-3809-11e7-a1cc-ebc6a7e70e84","name":"panel_4","type":"visualization"},{"id":"5df79fe0-3809-11e7-a1cc-ebc6a7e70e84","name":"panel_5","type":"visualization"},{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"panel_6","type":"search"},{"id":"b0456970-6e1f-11e7-b553-7f80727663c1","name":"panel_7","type":"visualization"},{"id":"AWDHCgWzxQT5EBNmq4Y5","name":"panel_8","type":"visualization"},{"id":"e827bab0-4a5a-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"},{"id":"30348db0-4a5b-11e8-9b0a-f1d33346f773","name":"panel_10","type":"visualization"}],"sort":[1643385898421,2075],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjkwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SIP - Destination Country (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Destination Country (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"90bf0a80-3750-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2077],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjkxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"Security Onion - Rule - ID","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"Security Onion - Rule - ID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.uuid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ID\"}}]}"},"coreMigrationVersion":"7.16.2","id":"91bd9990-7737-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2079],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjkyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Log Count Over Time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"92b202e0-76b4-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1643385898421,2081],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MjkzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Host - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Agent Name\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"coreMigrationVersion":"7.16.2","id":"f03402e0-72bc-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2083],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjk0LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.category:host\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"c743998d-d4c5-429f-87ce-67bac2649e72\"},\"panelIndex\":\"c743998d-d4c5-429f-87ce-67bac2649e72\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":15,\"h\":8,\"i\":\"8acc6336-35b7-4c1a-b0ef-3b3ec6870b1f\"},\"panelIndex\":\"8acc6336-35b7-4c1a-b0ef-3b3ec6870b1f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":8,\"i\":\"8485e0bf-8342-42ff-82b4-eb2611191060\"},\"panelIndex\":\"8485e0bf-8342-42ff-82b4-eb2611191060\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":18,\"i\":\"ba08df96-10b9-4b30-803f-f40387867ccc\"},\"panelIndex\":\"ba08df96-10b9-4b30-803f-f40387867ccc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":7,\"h\":18,\"i\":\"254bcae3-60d3-4193-b258-6f9f3eba0af3\"},\"panelIndex\":\"254bcae3-60d3-4193-b258-6f9f3eba0af3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":15,\"y\":8,\"w\":8,\"h\":18,\"i\":\"89d115c0-ee70-4250-9742-fb3c554e69a7\"},\"panelIndex\":\"89d115c0-ee70-4250-9742-fb3c554e69a7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":23,\"y\":8,\"w\":25,\"h\":18,\"i\":\"0c1675bb-01ef-4020-95f1-3f35e0c6fad8\"},\"panelIndex\":\"0c1675bb-01ef-4020-95f1-3f35e0c6fad8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":20,\"i\":\"38bc9e98-7934-4d1b-89fa-1b57765086c3\"},\"panelIndex\":\"38bc9e98-7934-4d1b-89fa-1b57765086c3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Host","version":1},"coreMigrationVersion":"7.16.2","id":"92e63cc0-6ec0-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"f03402e0-72bc-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"758187b0-72bd-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"a866be10-0e45-11eb-a255-e1e8e85e3571","name":"panel_7","type":"search"}],"sort":[1643385898421,2092],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjk1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Content Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Content Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"content_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Content Type\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"930b1600-3753-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2094],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjk2LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:ossec AND event.dataset:alert\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"c2172038-7740-458c-977a-98d139c438c2\"},\"panelIndex\":\"c2172038-7740-458c-977a-98d139c438c2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":18,\"h\":8,\"i\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\"},\"panelIndex\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":8,\"i\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\"},\"panelIndex\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":8,\"w\":12,\"h\":19,\"i\":\"1f88747a-06f5-4450-8d08-150d0cd37667\"},\"panelIndex\":\"1f88747a-06f5-4450-8d08-150d0cd37667\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":12,\"y\":8,\"w\":11,\"h\":19,\"i\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\"},\"panelIndex\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":23,\"y\":8,\"w\":7,\"h\":19,\"i\":\"a4bd8139-6fdd-476e-b6ff-8dd036e0f747\"},\"panelIndex\":\"a4bd8139-6fdd-476e-b6ff-8dd036e0f747\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":30,\"y\":8,\"w\":8,\"h\":19,\"i\":\"df2cccc2-5ac2-4522-9756-76a16ba2b0ce\"},\"panelIndex\":\"df2cccc2-5ac2-4522-9756-76a16ba2b0ce\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":19,\"i\":\"8b5674df-aad2-4af7-aa91-90a9d3e3980c\"},\"panelIndex\":\"8b5674df-aad2-4af7-aa91-90a9d3e3980c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":21,\"i\":\"365259e4-659e-4950-8e82-b8d8fc7fadca\"},\"panelIndex\":\"365259e4-659e-4950-8e82-b8d8fc7fadca\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - Wazuh","version":1},"coreMigrationVersion":"7.16.2","id":"9480f190-7732-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"91bd9990-7737-11ea-bee5-af7f7c7b8e05","name":"panel_5","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"407784f0-7738-11ea-bee5-af7f7c7b8e05","name":"panel_7","type":"visualization"},{"id":"a866be10-0e45-11eb-a255-e1e8e85e3571","name":"panel_8","type":"search"}],"sort":[1643385898421,2104],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjk3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Total Number of Logs","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Total Number of Logs\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total Number of Logs\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDGyaGxxQT5EBNmq3K9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2106],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjk4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Sensors - Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Sensors - Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"sensor_name.keyword\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDGzmzcxQT5EBNmq3Sj","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2108],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mjk5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Devices - Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Devices - Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"syslog-host_from.keyword\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG0UDvxQT5EBNmq3WD","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2110],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzAwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":64,\"x\":0,\"y\":132,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":28,\"h\":8,\"x\":20,\"y\":0,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":16,\"x\":0,\"y\":56,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":32,\"x\":32,\"y\":24,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":8,\"x\":8,\"y\":0,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":16,\"x\":32,\"y\":8,\"i\":\"33\"},\"panelIndex\":\"33\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":16,\"x\":40,\"y\":8,\"i\":\"34\"},\"panelIndex\":\"34\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":8,\"x\":0,\"y\":72,\"i\":\"35\"},\"panelIndex\":\"35\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":8,\"x\":16,\"y\":72,\"i\":\"36\"},\"panelIndex\":\"36\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":8,\"x\":32,\"y\":72,\"i\":\"37\"},\"panelIndex\":\"37\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":32,\"i\":\"38\"},\"panelIndex\":\"38\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":108,\"i\":\"39\"},\"panelIndex\":\"39\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":28,\"x\":24,\"y\":80,\"i\":\"40\"},\"panelIndex\":\"40\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":28,\"x\":0,\"y\":80,\"i\":\"41\"},\"panelIndex\":\"41\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_15\"}]","timeRestore":false,"title":"z16.04 - Overview","version":1},"coreMigrationVersion":"7.16.2","id":"94b52620-342a-11e7-9d52-4f090484f59e","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"panel_1","type":"search"},{"id":"1c2aeb50-365e-11e7-b896-5bdd6bfa1561","name":"panel_2","type":"visualization"},{"id":"277f3250-4161-11e7-8493-51634b0a4565","name":"panel_3","type":"visualization"},{"id":"901bda80-a83f-11e7-893a-1b88920b2837","name":"panel_4","type":"visualization"},{"id":"5b3988c0-a840-11e7-893a-1b88920b2837","name":"panel_5","type":"visualization"},{"id":"AWDGyaGxxQT5EBNmq3K9","name":"panel_6","type":"visualization"},{"id":"AWDGzmzcxQT5EBNmq3Sj","name":"panel_7","type":"visualization"},{"id":"AWDG0UDvxQT5EBNmq3WD","name":"panel_8","type":"visualization"},{"id":"AWDG1uC-xQT5EBNmq3dP","name":"panel_9","type":"visualization"},{"id":"AWDG3ym0xQT5EBNmq3mG","name":"panel_10","type":"visualization"},{"id":"AWDG4pcDxQT5EBNmq3pi","name":"panel_11","type":"visualization"},{"id":"733ce440-494d-11e8-9576-313be7c6b44b","name":"panel_12","type":"visualization"},{"id":"2a949080-4a3d-11e8-9b0a-f1d33346f773","name":"panel_13","type":"visualization"},{"id":"96c2cf10-4a3d-11e8-9b0a-f1d33346f773","name":"panel_14","type":"visualization"},{"id":"ee0ba080-4a3d-11e8-9b0a-f1d33346f773","name":"panel_15","type":"visualization"}],"sort":[1643385898421,2127],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzAxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - PE - OS","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.os.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"OS\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - PE - OS\"}"},"coreMigrationVersion":"7.16.2","id":"b449a870-c762-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2129],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzAyLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:pe\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"858c0209-49ab-4c0c-9b9c-bc71e363be32\"},\"panelIndex\":\"858c0209-49ab-4c0c-9b9c-bc71e363be32\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":12,\"h\":9,\"i\":\"94db978d-70ba-4ade-a680-1297961aa832\"},\"panelIndex\":\"94db978d-70ba-4ade-a680-1297961aa832\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":9,\"i\":\"8973a749-ddc9-4476-8946-280e748da61e\"},\"panelIndex\":\"8973a749-ddc9-4476-8946-280e748da61e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":18,\"i\":\"8797e1d3-84b0-4840-9ba3-6e74f15a5f08\"},\"panelIndex\":\"8797e1d3-84b0-4840-9ba3-6e74f15a5f08\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":10,\"y\":9,\"w\":15,\"h\":18,\"i\":\"b9da8481-6781-4431-83de-c51834199de7\"},\"panelIndex\":\"b9da8481-6781-4431-83de-c51834199de7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":9,\"w\":10,\"h\":18,\"i\":\"ceba5670-4f26-411e-a19a-e130cf715228\"},\"panelIndex\":\"ceba5670-4f26-411e-a19a-e130cf715228\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":35,\"y\":9,\"w\":13,\"h\":18,\"i\":\"5f1b3a55-7919-448d-897c-fc7166b283d0\"},\"panelIndex\":\"5f1b3a55-7919-448d-897c-fc7166b283d0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"767dc27a-2b54-4360-bb34-c1a41528ad25\"},\"panelIndex\":\"767dc27a-2b54-4360-bb34-c1a41528ad25\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - PE","version":1},"coreMigrationVersion":"7.16.2","id":"94b55b90-c761-11ea-bebb-37c5ab5894ea","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"80a39cb0-c762-11ea-bebb-37c5ab5894ea","name":"panel_3","type":"visualization"},{"id":"b449a870-c762-11ea-bebb-37c5ab5894ea","name":"panel_4","type":"visualization"},{"id":"07419650-c763-11ea-bebb-37c5ab5894ea","name":"panel_5","type":"visualization"},{"id":"282bf2c0-c763-11ea-bebb-37c5ab5894ea","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1643385898421,2138],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzAzLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:snmp\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"752f2974-3abc-482c-afdc-c85cf5643cc6\"},\"panelIndex\":\"752f2974-3abc-482c-afdc-c85cf5643cc6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"dfa3b3da-b86b-4d11-add3-c7e18c40654b\"},\"panelIndex\":\"dfa3b3da-b86b-4d11-add3-c7e18c40654b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"4c444c07-93f9-43d2-966e-1a0db864c011\"},\"panelIndex\":\"4c444c07-93f9-43d2-966e-1a0db864c011\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2\"},\"panelIndex\":\"3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":8,\"w\":10,\"h\":19,\"i\":\"5c5850b6-1e17-4d4a-9122-8d6a6b275fb0\"},\"panelIndex\":\"5c5850b6-1e17-4d4a-9122-8d6a6b275fb0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":19,\"y\":8,\"w\":11,\"h\":19,\"i\":\"2df47b07-dcfd-46a9-a908-cd03bb3ae82e\"},\"panelIndex\":\"2df47b07-dcfd-46a9-a908-cd03bb3ae82e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":19,\"i\":\"7fec36da-2c28-4eef-9d15-bd5d64628d1d\"},\"panelIndex\":\"7fec36da-2c28-4eef-9d15-bd5d64628d1d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"db2dff22-e4c1-41ea-a07d-8c0b0080cb04\"},\"panelIndex\":\"db2dff22-e4c1-41ea-a07d-8c0b0080cb04\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - SNMP","version":1},"coreMigrationVersion":"7.16.2","id":"96522610-75e8-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"424ace90-75e9-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"690ef880-75e9-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1643385898421,2147],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzA0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - \"To\" Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - \\\"To\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"recipient_to.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"To\\\" Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"96767400-39a2-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2149],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzA1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"fd549d70-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2151],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzA2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"f9a16c80-371b-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2153],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzA3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Keyboard Layout (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Keyboard Layout (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"keyboard_layout.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Keyboard Layout\"}}]}"},"coreMigrationVersion":"7.16.2","id":"be7637c0-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2155],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzA4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Result (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Result (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"result.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Result\"}}]}"},"coreMigrationVersion":"7.16.2","id":"c4f37d70-6e20-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2157],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzA5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Encryption Level (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"RDP - Encryption Level (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0,\"filter\":true},\"title\":{\"text\":\"Encryption Level\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"encryption_level.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Encryption Level\"}}]}"},"coreMigrationVersion":"7.16.2","id":"ef307a70-6e20-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2159],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzEwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"RDP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHCvBexQT5EBNmq4aK","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2161],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzExLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":12,\"x\":36,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":12,\"x\":8,\"y\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":12,\"x\":20,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"z16.04 - Bro - RDP","version":1},"coreMigrationVersion":"7.16.2","id":"97f8c3a0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"fd549d70-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"f9a16c80-371b-11e7-90f8-87842d5eedc9","name":"panel_3","type":"visualization"},{"id":"0b9dea80-371c-11e7-90f8-87842d5eedc9","name":"panel_4","type":"visualization"},{"id":"19dfd180-371c-11e7-90f8-87842d5eedc9","name":"panel_5","type":"visualization"},{"id":"524e13b0-371c-11e7-90f8-87842d5eedc9","name":"panel_6","type":"visualization"},{"id":"75597b60-371c-11e7-90f8-87842d5eedc9","name":"panel_7","type":"visualization"},{"id":"8e18ee60-371c-11e7-90f8-87842d5eedc9","name":"panel_8","type":"visualization"},{"id":"be7637c0-371c-11e7-90f8-87842d5eedc9","name":"panel_9","type":"visualization"},{"id":"c4f37d70-6e20-11e7-b553-7f80727663c1","name":"panel_10","type":"visualization"},{"id":"ef307a70-6e20-11e7-b553-7f80727663c1","name":"panel_11","type":"visualization"},{"id":"AWDHCvBexQT5EBNmq4aK","name":"panel_12","type":"visualization"}],"sort":[1643385898421,2175],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzEyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"9a33f9a0-365f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2177],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzEzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"9a54f150-366e-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2179],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzE0LDE1XQ=="} -{"attributes":{"columns":["source_ip","name","software_type"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_software\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Software - Logs","version":1},"coreMigrationVersion":"7.16.2","id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.9.3"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2181],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzE1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Software - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Software - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version_major.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version_minor.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"software_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}]}"},"coreMigrationVersion":"7.16.2","id":"9b0f6a80-4c7a-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2183],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzE2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Zeek - Notice","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Zeek - Notice\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"notice.note.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice\"}}]}"},"coreMigrationVersion":"7.16.2","id":"9c6ccff0-7a84-11ea-9d13-57f5db13d1ed","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2185],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzE3LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[{\"meta\":{\"negate\":true,\"disabled\":true,\"alias\":\"Initial Systems/Queries\",\"type\":\"phrase\",\"key\":\"osquery.counter\",\"params\":{\"query\":0},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"osquery.counter\":{\"query\":0,\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"osquery.codename\",\"value\":\"server\",\"params\":[\"server\"],\"negate\":false,\"disabled\":true,\"alias\":\"Servers Only\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"osquery.codename\":\"server\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":64,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":40,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"columns\":[\"osquery.hostname\",\"osquery.name\",\"osquery.LiveQuery\",\"osquery.EndpointIP1\",\"osquery.EndpointIP2\"],\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":13,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":13,\"w\":40,\"h\":14,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Changes by Type\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":13,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Changes by Hostname\",\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"z16.04 - osquery - Overview","version":1},"coreMigrationVersion":"7.16.2","id":"9d0e2da0-14e1-11e9-82f7-0da02d93a48b","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"panel_1","type":"search"},{"id":"2f556c90-14e3-11e9-82f7-0da02d93a48b","name":"panel_2","type":"visualization"},{"id":"369e16e0-14e4-11e9-82f7-0da02d93a48b","name":"panel_3","type":"visualization"},{"id":"05a5ed10-14e4-11e9-82f7-0da02d93a48b","name":"panel_4","type":"visualization"}],"sort":[1643385898421,2193],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzE4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Source Ports","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Source Ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"coreMigrationVersion":"7.16.2","id":"9d3413c0-6ea0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,2195],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzE5LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:ssh\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"b816ee0e-45c6-438d-a4ed-799d9e80a9f0\"},\"panelIndex\":\"b816ee0e-45c6-438d-a4ed-799d9e80a9f0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"cbfd7081-d82b-4e29-b21c-6e9584d67328\"},\"panelIndex\":\"cbfd7081-d82b-4e29-b21c-6e9584d67328\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"d9b0c92a-8625-4e72-8a7c-333381e17244\"},\"panelIndex\":\"d9b0c92a-8625-4e72-8a7c-333381e17244\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":10,\"h\":19,\"i\":\"766c95ce-e20f-4e88-935f-2211b7be6b65\"},\"panelIndex\":\"766c95ce-e20f-4e88-935f-2211b7be6b65\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":10,\"y\":8,\"w\":10,\"h\":19,\"i\":\"e9ec8c9e-8a76-4501-abcb-2c9c08adfc44\"},\"panelIndex\":\"e9ec8c9e-8a76-4501-abcb-2c9c08adfc44\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":20,\"y\":8,\"w\":13,\"h\":19,\"i\":\"c2747e56-14c2-4a70-a1a7-e31affae20f8\"},\"panelIndex\":\"c2747e56-14c2-4a70-a1a7-e31affae20f8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":33,\"y\":8,\"w\":15,\"h\":19,\"i\":\"ff324073-699d-4b26-b4fd-28190fa3803b\"},\"panelIndex\":\"ff324073-699d-4b26-b4fd-28190fa3803b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":17,\"h\":18,\"i\":\"248c6442-b868-4e06-bfaa-e6da2d2d7463\"},\"panelIndex\":\"248c6442-b868-4e06-bfaa-e6da2d2d7463\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":17,\"y\":27,\"w\":16,\"h\":18,\"i\":\"d24e4833-8b52-45ac-ac3f-bb31379e8380\"},\"panelIndex\":\"d24e4833-8b52-45ac-ac3f-bb31379e8380\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":33,\"y\":27,\"w\":15,\"h\":18,\"i\":\"6711f807-284e-4025-99bb-cee25c0e970d\"},\"panelIndex\":\"6711f807-284e-4025-99bb-cee25c0e970d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"3d4c3a76-579f-494d-b87c-d594fea44d83\"},\"panelIndex\":\"3d4c3a76-579f-494d-b87c-d594fea44d83\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - SSH","version":1},"coreMigrationVersion":"7.16.2","id":"9dfd77e0-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"292b1db0-75ea-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"46221fe0-75ea-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"7d61f430-75ea-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"104a4a90-75eb-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"8afa5f50-75eb-11ea-9565-7315f4ee5cac","name":"panel_9","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_10","type":"search"}],"sort":[1643385898421,2207],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzIwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DCE/RPC - Endpoint","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.endpoint.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Endpoint\"}}]}"},"coreMigrationVersion":"7.16.2","id":"a427d6e0-96db-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2209],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzIxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DCE/RPC - Named Pipe","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DCE/RPC - Named Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.named_pipe.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Named Pipe\"}}]}"},"coreMigrationVersion":"7.16.2","id":"c2f21270-96db-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2211],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzIyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DCE/RPC - Operation","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.operation.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation\"}}]}"},"coreMigrationVersion":"7.16.2","id":"df7989f0-96db-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2213],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzIzLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:dce_rpc\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"95dc50d5-926a-4ab3-a746-0e53f475d658\"},\"panelIndex\":\"95dc50d5-926a-4ab3-a746-0e53f475d658\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":14,\"y\":0,\"w\":14,\"h\":9,\"i\":\"5b559994-ed67-43c8-8eed-ab30fd8b3d26\"},\"panelIndex\":\"5b559994-ed67-43c8-8eed-ab30fd8b3d26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":9,\"i\":\"4251a61c-1dcd-47b3-9866-f7ed939c73d4\"},\"panelIndex\":\"4251a61c-1dcd-47b3-9866-f7ed939c73d4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":21,\"i\":\"e74255f5-4dc6-4df0-ab24-032dd7d4bc02\"},\"panelIndex\":\"e74255f5-4dc6-4df0-ab24-032dd7d4bc02\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":21,\"i\":\"55f5c9e0-264b-44d1-9b49-0bb7890ef4bd\"},\"panelIndex\":\"55f5c9e0-264b-44d1-9b49-0bb7890ef4bd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":9,\"w\":9,\"h\":21,\"i\":\"2a33a3df-4690-4ea4-a71a-9c98cb612213\"},\"panelIndex\":\"2a33a3df-4690-4ea4-a71a-9c98cb612213\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":9,\"w\":8,\"h\":21,\"i\":\"ee61c32f-e801-494f-a819-b5788bed856f\"},\"panelIndex\":\"ee61c32f-e801-494f-a819-b5788bed856f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":21,\"i\":\"f7c23591-431c-4a4c-a69b-a349c37697da\"},\"panelIndex\":\"f7c23591-431c-4a4c-a69b-a349c37697da\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":30,\"w\":48,\"h\":29,\"i\":\"f360db9a-9572-4b67-8be4-6f53084940a3\"},\"panelIndex\":\"f360db9a-9572-4b67-8be4-6f53084940a3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - DCE/RPC","version":1},"coreMigrationVersion":"7.16.2","id":"9e882df0-72c5-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"a427d6e0-96db-11ea-814e-bb515e873c2c","name":"panel_5","type":"visualization"},{"id":"c2f21270-96db-11ea-814e-bb515e873c2c","name":"panel_6","type":"visualization"},{"id":"df7989f0-96db-11ea-814e-bb515e873c2c","name":"panel_7","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"search"}],"sort":[1643385898421,2223],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzI0LDE1XQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.module:osquery\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Osquery","version":1},"coreMigrationVersion":"7.16.2","id":"9eed5fc0-afcb-11ea-b262-353d451b125b","migrationVersion":{"search":"7.9.3"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2225],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzI1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Authentication Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Authentication Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"authentication_method.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Method\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"bf47f4c0-371e-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2227],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzI2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"bbbe5a80-6e21-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2229],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzI3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"d6ec3570-6e21-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2231],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzI4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"e8982270-6e21-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2233],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzI5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Authentication Method (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RFB - Authentication Method (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"authentication_method.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"c24191f0-6e22-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2235],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzMwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"RFB - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHC8iGxQT5EBNmq4bs","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2237],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzMxLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":56,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":32,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":104,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":56,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":80,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":80,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":80,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":12,\"x\":8,\"y\":20,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"}]","timeRestore":false,"title":"z16.04 - Bro - RFB","version":1},"coreMigrationVersion":"7.16.2","id":"9ef20ae0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"265a04d0-3640-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"869e3030-371e-11e7-90f8-87842d5eedc9","name":"panel_2","type":"visualization"},{"id":"bf47f4c0-371e-11e7-90f8-87842d5eedc9","name":"panel_3","type":"visualization"},{"id":"14274040-371f-11e7-90f8-87842d5eedc9","name":"panel_4","type":"visualization"},{"id":"63c072c0-371f-11e7-90f8-87842d5eedc9","name":"panel_5","type":"visualization"},{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"panel_6","type":"search"},{"id":"bbbe5a80-6e21-11e7-b553-7f80727663c1","name":"panel_7","type":"visualization"},{"id":"d6ec3570-6e21-11e7-b553-7f80727663c1","name":"panel_8","type":"visualization"},{"id":"e8982270-6e21-11e7-b553-7f80727663c1","name":"panel_9","type":"visualization"},{"id":"4fade7b0-6e22-11e7-b553-7f80727663c1","name":"panel_10","type":"visualization"},{"id":"7c1e3f70-6e22-11e7-b553-7f80727663c1","name":"panel_11","type":"visualization"},{"id":"c24191f0-6e22-11e7-b553-7f80727663c1","name":"panel_12","type":"visualization"},{"id":"AWDHC8iGxQT5EBNmq4bs","name":"panel_13","type":"visualization"}],"sort":[1643385898421,2252],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzMyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Content Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Content Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.content_type.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.content_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"coreMigrationVersion":"7.16.2","id":"9ff24600-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2254],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzMzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[]}"},"title":"Help","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Help\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"## Introduction\\nWelcome to the Security Onion Elastic Stack! This is our implementation of the Elastic Stack on Security Onion. The Elastic Stack consists of three primary components:\\n- `Elasticsearch` - stores logs\\n- `Logstash` - collects and enriches logs before storing them in Elasticsearch\\n- `Kibana` - web interface for visualizing logs\\n\\n## Sidebar\\nStarting on the far left side of the page, you see the Sidebar. This contains links such as:\\n- `Discover` - search data\\n- `Visualize` - create visualizations based on searches\\n- `Dashboard` - view or create dashboards based on visualizations\\n- `Timelion` - timeline analysis\\n- `Dev Tools` - query Elasticsearch directly\\n- `Management` - view or modify Kibana settings\\n- `Squert` - separate web interface for viewing NIDS and HIDS alerts\\n- `Logout` - log out of your session\\n\\nThe first six of those links are within Kibana itself. If you click one of those and then want to get back to the Dashboards area where you started, simply click the `Dashboard` link.\\n\\nClicking the `Squert` link will take you out of Kibana and into Squert. You will not be required to authenticate to Squert since you already have an active Single Sign On (SSO) session.\\n\\nClicking the `Logout` link in either Squert or Kibana will log you out of your SSO session and take you back to the logon screen.\\n\\n## Navigation Panel\\nWhen you are in the Kibana Dashboard area, the panel to the immediate right of the sidebar is the Navigation Panel and it includes links to our dashboards such as Home, Help (this page), Bro Notices, ElastAlert, HIDS, NIDS, etc. Clicking one of the links in the Navigation Panel will take you to a dashboard dedicated to that particular log type. \\n\\n## Dashboards\\nAll dashboards are designed to work at 1024x768 screen resolution in order to maximize compatibility.\\n\\n### Dashboard Hyperlinks\\n\\nThe `source_ip` and `destination_ip` fields are hyperlinked. These hyperlinks will take you to the Indicator dashboard which will help you analyze the traffic relating to that particular IP address.\\n\\n`UID` fields are also hyperlinked. This hyperlink will start a new Kibana search for that particular UID. In the case of Bro UIDs this will show you all Bro logs related to that particular connection.\\n\\nEach log entry also has an `_id` field that is hyperlinked. This hyperlink will take you to CapMe, allowing you to request full packet capture for any arbitrary log type. This assumes that the log is for tcp or udp traffic that was seen by Bro and Bro recorded it correctly in its conn.log. \\n\\n### Overview Dashboard\\nWhen you first go to the Kibana Dashboard area, you are automatically placed into the Overview dashboard, where you will see overview information, such as total number of logs and sensors. Use the information on the Overview dashboard to determine which of the other dashboards on the Navigation Panel you might want to visit next.\\n\\n### Dashboard Categories\\nOur remaining dashboards are grouped into a few categories:\\n- `Alert Data` - dashboards that display alerts created by rules or signatures\\n- `Bro Hunting` - dashboards that allow you to slice and dice network metadata for hunting\\n- `Host Hunting` - dashboards that allow you to hunt via host telemetry\\n- `Other` - dashboards that don't fit into the categories above\\n\\n### Bro Notices\\nBro sniffs network traffic and generates notices such as `SSL::Invalid Server Cert` and `TeamCymruMalwareHashRegistry::Match`.\\n\\n### ElastAlert\\nElastAlert queries Elasticsearch on a regular basis and then generates alerts based on your desired criteria. Security Onion includes two example rules that alert on new IDS events and new connection logs. You can add your own ElastAlert rules in `/etc/elastalert/rules/`.\\n\\n### HIDS\\nOSSEC analyzes log files and generates Host Intrusion Detection System alerts based on its ruleset at `/var/ossec/rules/`. You can add your own rules in `/var/ossec/rules/local_rules.xml`.\\n\\n### NIDS\\nSecurity Onion can use either Snort or Suricata to sniff network traffic and generate Network Intrusion Detection System alerts. \\n\\n### Connections\\nBro sniffs network traffic and logs connection metadata including source IP/port, destination IP/port, protocol, and number of bytes.\\n\\n### DCE/RPC\\nBro sniffs network traffic and logs DCE/RPC metadata including source IP/port, destination IP/port, operation, endpoint, and named pipe.\\n\\n### DHCP\\nBro sniffs network traffic and logs DHCP requests and responses including source IP/port, destination IP/port, and MAC addresses.\\n\\n### DNP3\\nBro sniffs network traffic and logs DNP3 metadata including source IP/port, destination IP/port, function request, function reply.\\n\\n### DNS\\nBro sniffs network traffic and logs DNS queries and answers. Bro also includes other name lookups such as Windows NetBIOS name service requests and Bonjour.\\n\\n### Files\\nBro sniffs network traffic and logs metadata related to files being transferred over the network including IP addresses, MIME type, source, and checksums.\\n\\n### FTP\\nBro sniffs network traffic and logs FTP metadata including source IP/port, destination IP/port, command, reply code, argument, and username.\\n\\n### HTTP\\nBro sniffs network traffic and logs HTTP metadata including source IP/port, destination IP/port, method, status message, MIME type, site name, referer, and user agent.\\n\\n### Intel\\nBro sniffs network traffic and watches for indicators using the Intel framework. You can add your own indicators to `/opt/bro/share/bro/intel/intel.dat`.\\n\\n### IRC\\nBro sniffs network traffic and logs IRC metadata including source IP/port, destination IP/port, command, and username.\\n\\n### Kerberos\\nBro sniffs network traffic and logs Kerberos metadata including source IP/port, destination IP/port, cipher, client, server, service, request type, and success status.\\n\\n### Modbus\\nBro sniffs network traffic and logs Modbus metadata including source IP/port, destination IP/port, and function.\\n\\n### MySQL\\nBro sniffs network traffic and logs MySQL metadata including source IP/port, destination IP/port, command/argument, status, and response.\\n\\n### NTLM\\nBro sniffs network traffic and logs NTLM metadata including source IP/port, destination IP/port, hostname, username, and status.\\n\\n### PE\\nBro sniffs network traffic and logs PE metadata including OS, subsystem, machine, and section name.\\n\\n### RADIUS\\nBro sniffs network traffic and logs RADIUS metadata including source IP/port, destination IP/port, username, and result.\\n\\n### RDP\\nBro sniffs network traffic and logs RDP metadata including source IP/port, destination IP/port, client build, keyboard layout, encryption level, and result.\\n\\n### RFB\\nBro sniffs network traffic and logs RFB metadata including source IP/port, destination IP/port, authentication method, authentication status, client version, server version, and desktop name.\\n\\n### SIP\\nBro sniffs network traffic and logs SIP metadata including source IP/port, destination IP/port, method, content type, status, uri, and user agent.\\n\\n### SMB\\nBro sniffs network traffic and logs SMB metadata including source IP/port, destination IP/port, file name, and action.\\n\\n### SMTP\\nBro sniffs network traffic and logs SMTP metadata including source IP/port, destination IP/port, from, to, subject, and user agent.\\n\\n### SNMP\\nBro sniffs network traffic and logs SNMP metadata including source IP/port, destination IP/port, version, community, and duration.\\n\\n### Software\\nBro sniffs network traffic and logs metadata relating to the kinds of software that generated that traffic including name, type, and version.\\n\\n### SSH\\nBro sniffs network traffic and logs SSH metadata including source IP/port, destination IP/port, client version, server version, and success.\\n\\n### SSL\\nBro sniffs network traffic and logs SSL metadata including source IP/port, destination IP/port, server name, certificate subject, cipher, and validation status.\\n\\n### Syslog\\nBro sniffs network traffic and logs Syslog metadata including source IP/port, destination IP/port, severity, and protocol.\\n\\n### Tunnels\\nBro sniffs network traffic and detects IP, GRE, SOCKS, TEREDO, and AVAYA tunnels. It logs metadata including source IP/port, destination IP/port, type, and action.\\n\\n### Weird\\nBro sniffs network traffic and logs protocol anomalies metadata including source IP/port, destination IP/port, and the type of anomaly.\\n\\n### X.509\\nBro sniffs network traffic and logs X.509 metadata including certificate subject, issuer, key algorithm, key length, and signing algorithm.\\n\\n### Autoruns\\nSysinternals Autoruns can identify the processes which Windows is configured to automatically run. Autoruns data can then be ingested via [Autoruns To WinEventLog](https://github.com/palantir/windows-event-forwarding/tree/master/AutorunsToWinEventLog).\\n\\n### Beats\\nElastic Beats can be deployed on endpoints to collect host telemetry and send to Logstash for storage in Elasticsearch.\\n\\n### OSSEC\\nOSSEC agents can be deployed on endpoints to collect host telemetry and send to the OSSEC Server included in Security Onion. OSSEC Alerts can be found in the Alert Data category at the top of the Navigation Panel. This OSSEC hunting dashboard will allow you to hunt through all OSSEC logs, not just alerts.\\n\\n### Sysmon\\nSysinternal Sysmon provides comprehensive telemetry for Windows hosts. Its logs can be consumed using Beats, OSSEC, or other transport mechanism.\\n\\n### Domain Stats\\nSecurity Onion includes a tool called domain_stats which will do a whois lookup on a domain name to determine the age of the domain. If enabled, this dashboard looks for baby domains that have been recently registered. Please note that domain_stats is only enabled when running in Evaluation Mode.\\n\\n### Firewall\\nFirewall logs can be consumed via syslog or other transport mechanism. Once consumed, this dashboard allows you to slice and dice those firewall logs based on source IP/port, destination IP/port, protocol, and action.\\n\\n### Frequency\\nSecurity Onion includes a tool called freq_server which can perform frequency analysis of hostnames. If enabled, this dashboard will show hostnames with a frequency analysis score that indicates that they could have been randomly generated. Please note that freq_server is only enabled when running in Evaluation Mode.\\n\\n### Stats\\nThis dashboard shows statistics for Logstash including processing times for different log types and any errors that may have occurred.\\n\\n## More Information\\nFor additional information, please refer to our documentation at:\\n\\nhttps://securityonion.net/docs/Elastic\",\"type\":\"markdown\"},\"aggs\":[]}"},"coreMigrationVersion":"7.16.2","id":"AV6-PHKnDwoBUzALqJ_c","migrationVersion":{"visualization":"7.14.0"},"references":[],"sort":[1643385898421,2255],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzM0LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":204,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"z16.04 - Help","version":1},"coreMigrationVersion":"7.16.2","id":"AV6-POJSDwoBUzALqKAg","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"AV6-PHKnDwoBUzALqJ_c","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"}],"sort":[1643385898421,2258],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzM1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:issuer_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"SSL - Certificate Issuer Common Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Issuer Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer Common Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"a83f17c0-6f0b-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2260],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzM2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:server_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"SSL - Certificate Server Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Server Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"server_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"c2e54c20-6f0b-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2262],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzM3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:certificate_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"X.509 - Certificate Common Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"certificate_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"e03ba1d0-6f0a-11e7-83d2-adea2f314dc5","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2264],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzM4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:issuer_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"X.509 - Certificate Issuer Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Issuer Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"acd38970-6f0a-11e7-83d2-adea2f314dc5","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2266],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzM5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:issuer_organization_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"X.509 - Certificate Issuer Organization Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Issuer Organization Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_organization_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_organization.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer Organization\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"c3f244c0-6f0a-11e7-83d2-adea2f314dc5","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2268],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzQwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:parent_domain_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Parent Domain Frequency Analysis","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"DNS - Parent Domain Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"parent_domain_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"c9f5d3a0-6f05-11e7-b253-211f64f37eda","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2270],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzQxLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":52,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":76,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":76,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":100,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":100,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":124,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":124,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":52,\"x\":0,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":80,\"x\":0,\"y\":148,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":28,\"x\":8,\"y\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"z16.04 - Frequency Analysis","version":1},"coreMigrationVersion":"7.16.2","id":"AWAi5k4jAvKNGEbUWFis","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f1f00a0-6f04-11e7-b253-211f64f37eda","name":"panel_0","type":"visualization"},{"id":"7d1ede50-6f19-11e7-86c8-a1b6db3b051a","name":"panel_1","type":"visualization"},{"id":"8fa702e0-6f0b-11e7-9d31-23c0596994a7","name":"panel_2","type":"visualization"},{"id":"a83f17c0-6f0b-11e7-9d31-23c0596994a7","name":"panel_3","type":"visualization"},{"id":"c2e54c20-6f0b-11e7-9d31-23c0596994a7","name":"panel_4","type":"visualization"},{"id":"e03ba1d0-6f0a-11e7-83d2-adea2f314dc5","name":"panel_5","type":"visualization"},{"id":"acd38970-6f0a-11e7-83d2-adea2f314dc5","name":"panel_6","type":"visualization"},{"id":"c3f244c0-6f0a-11e7-83d2-adea2f314dc5","name":"panel_7","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_8","type":"visualization"},{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"panel_9","type":"search"},{"id":"c9f5d3a0-6f05-11e7-b253-211f64f37eda","name":"panel_10","type":"visualization"}],"sort":[1643385898421,2282],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzQyLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":48,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":36,\"x\":0,\"y\":48,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"}]","timeRestore":false,"title":"z16.04 - Baby Domains","version":1},"coreMigrationVersion":"7.16.2","id":"AWAi6wvxAvKNGEbUWO_j","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"41ec0ca0-6f13-11e7-86c8-a1b6db3b051a","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"fce833e0-6f12-11e7-86c8-a1b6db3b051a","name":"panel_2","type":"search"}],"sort":[1643385898421,2286],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzQzLDE1XQ=="} -{"attributes":{"fieldFormatMap":"{\"process_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"event_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"analyzer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"analyzer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"answers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"answers.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"apache2.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"apache2.error.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.tid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.a0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.acct\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.item\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.items\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.new_auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.new_ses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.old_auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.old_ses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.record_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.res\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_attempts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_ca\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_path_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bound_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"call_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"call_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_exponent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_exponent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_number_days_valid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_permanent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_permanent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_signing_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_signing_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"checksum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"checksum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_digital_product_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_digital_product_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"community.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"company.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compile_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compile_ts.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compression_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compression_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connect_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connect_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"current_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"current_directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_passive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_channel_passive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"desktop_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_is_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_is_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_city.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_latitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_latitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_longitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_region.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"details.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dir\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dir.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"enabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"enabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"endpoint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry_location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"escalated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"escalated_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"established\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"established.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AccountName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AlgorithmName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AuthenticationPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Binary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CommandLine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Configuration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ConfigurationFileHash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CurrentDirectory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationIp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationIsIpv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationPort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceVersionMajor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceVersionMinor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DirtyPages\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ElevatedToken\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.EventType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ExtraInfoLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ExtraInfoString\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.FilterID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.FinalStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Hashes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.HiveName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.HiveNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ImagePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ImpersonationLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IntegrityLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IpAddress\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IpPort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyFilePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeysUpdated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LmPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.NewSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.NewTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.OldTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.OriginalSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentCommandLine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentImage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentProcessGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PreviousTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PrivilegeList\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProcessGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProviderName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.RestrictedAdminMode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ReturnCode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SchemaVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ServiceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ServiceType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceHostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceIp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceIsIpv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourcePort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.StartType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.State\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetFilename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetLinkedLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetObject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetOutboundDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetOutboundUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TerminalSessionId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TransmittedServices\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.User\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.UtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.VirtualAccount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Workstation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.WorkstationName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param10\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param11\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param12\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param13\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param14\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param15\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param16\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param17\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param19\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param20\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param21\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param22\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param4\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param7\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param8\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param9\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.serviceGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateRevisionNumber\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateTitle\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exception\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"exception.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileset.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileset.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"first_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"first_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"flow_label.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"forwardable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"forwardable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"freq_virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"freq_virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"frequency_scores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frequency_scores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"function.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_bulk_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_bulk_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_cert_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_cert_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_debug_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_debug_data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_export_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_export_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_import_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_import_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"helo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"highest_registered_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hop_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hop_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.debug.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.debug.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.debug.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.main.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.main.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.main.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.startup.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.startup.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.startup.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"iin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"iin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"info_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"initiated.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"integrity_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"integrity_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_tos\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_tos.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_64bit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_64bit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_source_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_source_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_webmail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_webmail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_distinguished_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.component\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.trace.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.trace.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.trace.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kex_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kex_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyboard_layout\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyboard_layout.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keywords\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container.image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.pod.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"launch_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"launch_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lease_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lease_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logged.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.log.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.thread\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.plugin_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.plugin_params\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.plugin_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.thread\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.took_in_millis\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.took_in_nanos\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"machine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"machine.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matched\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"matched.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.availability_zone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.instance_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.instance_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.machine_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.project_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mimetype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mimetype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missing_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.error.thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.lock_time.sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.query_time.sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.rows_examined\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.rows_sent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.timestamp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"n\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"named_pipe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"named_pipe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"native_file_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"native_file_system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"next_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"next_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nginx.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.connection_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nginx.error.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.tid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nick\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nick.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"note\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"note.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"num_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"object_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"opcode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_agent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_agent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"overflow_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"p\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.database\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"postgresql.log.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prev_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prev_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_guid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"profile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"profile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"program.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prospector.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"provider_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxied.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_class_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_type_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ra\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ra.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rcode_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"read_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipient_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"recipient_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"record_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"redis.log.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.role\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.duration.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rejected\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rejected.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related_activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"renewable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_color_depth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_color_depth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_resource\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_resource.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resumed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resumed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rows.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"san_dns\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"san_dns.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"second_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"second_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"section_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"section_names.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"security_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"security_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_node.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_where\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_where.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_major_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_minor_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"set_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"set_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_flag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_flag.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"signer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"site.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sources.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stream\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_rule_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_rule_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subsystem\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subsystem.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"suppress_for\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-sourceip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sysmon_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sysmon_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.groupadd.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.groupadd.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.dropped_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.home\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.uid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"target_filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"task\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"terminal_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"terminal_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timed_out\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timed_out.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_accessed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_accessed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_changed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_changed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_created.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_modified.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tld.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tld.subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"top_level_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tracker_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tracker_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.backend_url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.frontend_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.request_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"trans_depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"transaction_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttls\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"up_since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"up_since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.binaryData\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.binaryDataSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.param1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.param2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.xml_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"useragent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_aslr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_aslr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_code_integrity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_code_integrity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_dep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_dep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_seh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_seh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_till\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_till.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"validation_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"validation_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"warning.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"width.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x_originating_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"xml\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"year\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"z\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"z.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:logstash-beats-*"},"coreMigrationVersion":"7.16.2","id":"AWBLHZaBRuBloj96jvrD","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1643385898421,2287],"type":"index-pattern","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzQ0LDE1XQ=="} -{"attributes":{"columns":["computer_name","process_id","user.name","event_id","event_data.Image"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"All Beats Logs","version":1},"coreMigrationVersion":"7.16.2","id":"AWBLMr9vRuBloj96jxp1","migrationVersion":{"search":"7.9.3"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2289],"type":"search","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzQ1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Process IDs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Beats - Process IDs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process_id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWBLN7X2RuBloj96jxxY","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2291],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzQ2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Computer Names","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Beats - Computer Names\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"computer_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWBLNriuRuBloj96jxv3","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2293],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzQ3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Event IDs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Beats - Event IDs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWBLOT8MRuBloj96jx0N","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2295],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzQ4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Usernames","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"Beats - Usernames\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWBLONJCRuBloj96jxzY","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2297],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzQ5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Beats - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"line\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWBLQ2__RuBloj96jyDn","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2299],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzUwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Beats - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHHHR8xQT5EBNmq4z7","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2301],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzUxLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":44,\"x\":0,\"y\":56,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"columns\":[\"computer_name\",\"process_id\",\"user.name\",\"event_id\",\"event_data.Image\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":28,\"h\":8,\"x\":20,\"y\":0,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":8,\"x\":8,\"y\":0,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"z16.04 - Beats","version":1},"coreMigrationVersion":"7.16.2","id":"AWBLNS3CRuBloj96jxub","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"AWBLMr9vRuBloj96jxp1","name":"panel_0","type":"search"},{"id":"AWBLNriuRuBloj96jxv3","name":"panel_1","type":"visualization"},{"id":"AWBLN7X2RuBloj96jxxY","name":"panel_2","type":"visualization"},{"id":"AWBLOT8MRuBloj96jx0N","name":"panel_3","type":"visualization"},{"id":"AWBLONJCRuBloj96jxzY","name":"panel_4","type":"visualization"},{"id":"AWBLQ2__RuBloj96jyDn","name":"panel_5","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_6","type":"visualization"},{"id":"AWDHHHR8xQT5EBNmq4z7","name":"panel_7","type":"visualization"}],"sort":[1643385898421,2310],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzUyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Connections - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG71xFxQT5EBNmq336","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2312],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzUzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DNS - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDG9Qx0xQT5EBNmq3_2","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2314],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzU0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SNMP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHD-LfxQT5EBNmq4iB","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2316],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzU1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SIP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHDNS4xQT5EBNmq4dF","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2318],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzU2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SMB - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHDfDkxQT5EBNmq4fQ","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,2320],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzU3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SMTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHDsr0xQT5EBNmq4gw","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2322],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzU4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHE-_wxQT5EBNmq4n3","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1643385898421,2324],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzU5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Software - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Software - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHEKJUxQT5EBNmq4jW","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2326],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzYwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SSH - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHEYk4xQT5EBNmq4k5","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2328],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzYxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SSL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHElRWxQT5EBNmq4lz","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2330],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzYyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Tunnels - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHFYrqxQT5EBNmq4qT","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2332],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzYzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Weird - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHGXk-xQT5EBNmq4uf","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2334],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzY0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"X.509 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"AWDHGklsxQT5EBNmq4wG","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2336],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzY1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category.keyword : \\\"registry\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Event.Cat:Registry Logs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All Event.Cat:Registry Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":42}}}}"},"coreMigrationVersion":"7.16.2","id":"a0d30200-6405-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,2339],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzY2LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"505d91a5-4f8c-4350-94d6-f6ef79f78ee5":{"columnOrder":["48488c44-5465-4f80-8fda-7f09c7fa1b71","8912ace2-fabe-4cb8-9ee7-9fe38a018b83"],"columns":{"48488c44-5465-4f80-8fda-7f09c7fa1b71":{"dataType":"string","isBucketed":true,"label":"Top values of host.os.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"8912ace2-fabe-4cb8-9ee7-9fe38a018b83","type":"column"},"orderDirection":"desc","otherBucket":true,"size":3},"scale":"ordinal","sourceField":"host.os.name"},"8912ace2-fabe-4cb8-9ee7-9fe38a018b83":{"dataType":"number","isBucketed":false,"label":"Unique count of host.name","operationType":"unique_count","scale":"ratio","sourceField":"host.name"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["48488c44-5465-4f80-8fda-7f09c7fa1b71"],"layerId":"505d91a5-4f8c-4350-94d6-f6ef79f78ee5","layerType":"data","legendDisplay":"default","metric":"8912ace2-fabe-4cb8-9ee7-9fe38a018b83","nestedLegend":false,"numberDisplay":"percent"}],"shape":"donut"}},"title":"Endgame - Host Operating Systems","visualizationType":"lnsPie"},"coreMigrationVersion":"7.16.2","id":"a2244d00-624b-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-505d91a5-4f8c-4350-94d6-f6ef79f78ee5","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,2343],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzY3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Connection","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top 10 - Total Bytes By Connection\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Connection ID\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"uid.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"uid.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection ID\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"f1325230-3b0d-11e7-a0fe-29878c6f414a","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2345],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzY4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Destination Port","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top 10 - Total Bytes By Destination Port\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination Port\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Max total_bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"acd65230-3b0d-11e7-a0fe-29878c6f414a","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2347],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzY5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Destination IP","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"total_bytes\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Destination IP Address\",\"field\":\"destination_ip\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Destination IP Address\",\"field\":\"destination_ip\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"title\":\"Connections - Top 10 - Total Bytes By Destination IP\",\"type\":\"histogram\"}"},"coreMigrationVersion":"7.16.2","id":"eeafbb70-3b0c-11e7-a6f9-5d3fe735ec2b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2349],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzcwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":71,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":20,\"h\":18,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":18,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":18,\"w\":20,\"h\":20,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":38,\"w\":40,\"h\":33,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":35,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":28,\"y\":18,\"w\":20,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Connections - Total Bytes","version":1},"coreMigrationVersion":"7.16.2","id":"a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"f1325230-3b0d-11e7-a0fe-29878c6f414a","name":"panel_1","type":"visualization"},{"id":"acd65230-3b0d-11e7-a0fe-29878c6f414a","name":"panel_2","type":"visualization"},{"id":"41a33c80-3b0d-11e7-a6f9-5d3fe735ec2b","name":"panel_3","type":"visualization"},{"id":"726cc040-48cf-11e8-9576-313be7c6b44b","name":"panel_4","type":"visualization"},{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"panel_5","type":"search"},{"id":"eeafbb70-3b0c-11e7-a6f9-5d3fe735ec2b","name":"panel_6","type":"visualization"}],"sort":[1643385898421,2357],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzcxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"a5045e20-3bd1-11e7-a3ae-1754b87179c0","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2359],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzcyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"7.16.2","id":"a663e070-4c78-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"sort":[1643385898421,2361],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzczLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SNMP - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"a67546c0-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2363],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzc0LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"3895de20-9e00-43b5-b87f-b1c0bfa33b71":{"columnOrder":["409d0c1c-683e-45b6-ba92-805285d63f55","04cce9d7-67c1-4fd9-964d-f34dd053e070"],"columns":{"04cce9d7-67c1-4fd9-964d-f34dd053e070":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"},"409d0c1c-683e-45b6-ba92-805285d63f55":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.category.keyword : \"registry\" "},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["04cce9d7-67c1-4fd9-964d-f34dd053e070"],"layerId":"3895de20-9e00-43b5-b87f-b1c0bfa33b71","layerType":"data","position":"top","seriesType":"line","showGridlines":false,"xAccessor":"409d0c1c-683e-45b6-ba92-805285d63f55"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"line","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"Endgame - Event.Cat:Registry Log Count Over Time","visualizationType":"lnsXY"},"coreMigrationVersion":"7.16.2","id":"e09d6340-6cc9-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-3895de20-9e00-43b5-b87f-b1c0bfa33b71","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,2367],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzc1LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"9643f560-7a46-408c-b61d-ed2a87fc6103":{"columnOrder":["fdf33737-65bc-4b40-a118-140a43e9b7e5","3520723b-f0f3-4845-975c-e97380d8124b"],"columns":{"3520723b-f0f3-4845-975c-e97380d8124b":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"fdf33737-65bc-4b40-a118-140a43e9b7e5":{"dataType":"string","isBucketed":true,"label":"Top values of process.executable","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"3520723b-f0f3-4845-975c-e97380d8124b","type":"column"},"orderDirection":"desc","otherBucket":true,"size":10},"scale":"ordinal","sourceField":"process.executable"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":"event.category.keyword : \"registry\" "},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["3520723b-f0f3-4845-975c-e97380d8124b"],"layerId":"9643f560-7a46-408c-b61d-ed2a87fc6103","layerType":"data","seriesType":"bar_horizontal","xAccessor":"fdf33737-65bc-4b40-a118-140a43e9b7e5"}],"legend":{"isVisible":true,"position":"right"},"preferredSeriesType":"bar_horizontal","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"Endgame - Registry Event process.executable","visualizationType":"lnsXY"},"coreMigrationVersion":"7.16.2","id":"e9afc350-6cc5-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-9643f560-7a46-408c-b61d-ed2a87fc6103","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,2371],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzc2LDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"65529737-0abd-4698-a75c-47c2e0934cc4":{"columnOrder":["4fb772fa-d1e1-4746-9eaf-83e1690feb92","26daa4f5-0a68-4fae-8385-0804a8d8d42b"],"columns":{"26daa4f5-0a68-4fae-8385-0804a8d8d42b":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","scale":"ratio","sourceField":"Records"},"4fb772fa-d1e1-4746-9eaf-83e1690feb92":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"user.name","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"26daa4f5-0a68-4fae-8385-0804a8d8d42b","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"user.name"}},"incompleteColumns":{}}}}},"filters":[{"$state":{"store":"appState"},"meta":{"alias":null,"disabled":false,"indexRefName":"filter-index-pattern-0","key":"event.category","negate":false,"params":{"query":"registry"},"type":"phrase"},"query":{"match_phrase":{"event.category":"registry"}}}],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"columnId":"4fb772fa-d1e1-4746-9eaf-83e1690feb92"},{"columnId":"26daa4f5-0a68-4fae-8385-0804a8d8d42b"}],"layerId":"65529737-0abd-4698-a75c-47c2e0934cc4","layerType":"data"}},"title":"Endgame - Registry User Name","visualizationType":"lnsDatatable"},"coreMigrationVersion":"7.16.2","id":"c86a8ba0-6e44-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-65529737-0abd-4698-a75c-47c2e0934cc4","type":"index-pattern"},{"id":"endgame-*","name":"filter-index-pattern-0","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,2376],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzc3LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.16.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":11,\"i\":\"066310d0-63f3-4cc8-9daa-8c0be5ad5b5f\"},\"panelIndex\":\"066310d0-63f3-4cc8-9daa-8c0be5ad5b5f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame Alerts](https://ENDGAMEHOST/alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_066310d0-63f3-4cc8-9daa-8c0be5ad5b5f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":0,\"w\":10,\"h\":11,\"i\":\"06494306-08f9-440f-a361-d63cbd6176be\"},\"panelIndex\":\"06494306-08f9-440f-a361-d63cbd6176be\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Registry All Logs \",\"panelRefName\":\"panel_06494306-08f9-440f-a361-d63cbd6176be\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":18,\"y\":0,\"w\":30,\"h\":11,\"i\":\"9461ee7e-d1fd-448b-9094-eff9e2ebdd58\"},\"panelIndex\":\"9461ee7e-d1fd-448b-9094-eff9e2ebdd58\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Registry Logs Over Time\",\"panelRefName\":\"panel_9461ee7e-d1fd-448b-9094-eff9e2ebdd58\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":11,\"w\":33,\"h\":17,\"i\":\"3265c94f-df4b-4a1d-bc7c-64c2e99e72a7\"},\"panelIndex\":\"3265c94f-df4b-4a1d-bc7c-64c2e99e72a7\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Registry Event Process\",\"panelRefName\":\"panel_3265c94f-df4b-4a1d-bc7c-64c2e99e72a7\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":33,\"y\":11,\"w\":15,\"h\":17,\"i\":\"ca05c1e6-7d21-4c69-b6be-ab95031f30f9\"},\"panelIndex\":\"ca05c1e6-7d21-4c69-b6be-ab95031f30f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ca05c1e6-7d21-4c69-b6be-ab95031f30f9\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":30,\"h\":17,\"i\":\"5b3b7aed-80c9-4e18-a55a-7ca2841913a1\"},\"panelIndex\":\"5b3b7aed-80c9-4e18-a55a-7ca2841913a1\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Registry Events\",\"panelRefName\":\"panel_5b3b7aed-80c9-4e18-a55a-7ca2841913a1\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":28,\"w\":18,\"h\":17,\"i\":\"83bb52e5-74b3-459b-8767-78bc47d1ff8d\"},\"panelIndex\":\"83bb52e5-74b3-459b-8767-78bc47d1ff8d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_83bb52e5-74b3-459b-8767-78bc47d1ff8d\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":34,\"i\":\"aa14e2db-4c3d-4a44-ad58-aae071e6ed3f\"},\"panelIndex\":\"aa14e2db-4c3d-4a44-ad58-aae071e6ed3f\",\"embeddableConfig\":{\"enhancements\":{},\"columns\":[\"host.name\",\"registry.path\",\"related.user\",\"registry.key\",\"registry.value\"]},\"panelRefName\":\"panel_aa14e2db-4c3d-4a44-ad58-aae071e6ed3f\"}]","timeRestore":false,"title":"Endgame - Registry","version":1},"coreMigrationVersion":"7.16.2","id":"a6c6c880-63f7-11ec-864c-8b5450f97635","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"754f7380-6d82-11ec-864c-8b5450f97635","name":"066310d0-63f3-4cc8-9daa-8c0be5ad5b5f:panel_066310d0-63f3-4cc8-9daa-8c0be5ad5b5f","type":"visualization"},{"id":"10af1a20-6cc9-11ec-864c-8b5450f97635","name":"06494306-08f9-440f-a361-d63cbd6176be:panel_06494306-08f9-440f-a361-d63cbd6176be","type":"lens"},{"id":"e09d6340-6cc9-11ec-864c-8b5450f97635","name":"9461ee7e-d1fd-448b-9094-eff9e2ebdd58:panel_9461ee7e-d1fd-448b-9094-eff9e2ebdd58","type":"lens"},{"id":"e9afc350-6cc5-11ec-864c-8b5450f97635","name":"3265c94f-df4b-4a1d-bc7c-64c2e99e72a7:panel_3265c94f-df4b-4a1d-bc7c-64c2e99e72a7","type":"lens"},{"id":"c86a8ba0-6e44-11ec-864c-8b5450f97635","name":"ca05c1e6-7d21-4c69-b6be-ab95031f30f9:panel_ca05c1e6-7d21-4c69-b6be-ab95031f30f9","type":"lens"},{"id":"e1e12ab0-6cc5-11ec-864c-8b5450f97635","name":"5b3b7aed-80c9-4e18-a55a-7ca2841913a1:panel_5b3b7aed-80c9-4e18-a55a-7ca2841913a1","type":"lens"},{"id":"8d1f99e0-6e45-11ec-864c-8b5450f97635","name":"83bb52e5-74b3-459b-8767-78bc47d1ff8d:panel_83bb52e5-74b3-459b-8767-78bc47d1ff8d","type":"lens"},{"id":"0359b740-64cc-11ec-864c-8b5450f97635","name":"aa14e2db-4c3d-4a44-ad58-aae071e6ed3f:panel_aa14e2db-4c3d-4a44-ad58-aae071e6ed3f","type":"search"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,2386],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzc4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - Request - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - Request - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"request.client.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"request.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"coreMigrationVersion":"7.16.2","id":"a7ebb450-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2388],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzc5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Data Overview","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Data Overview\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":false,\"last_level\":false,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"url\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true}}"},"coreMigrationVersion":"7.16.2","id":"ac6b1720-7559-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2390],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzgwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"observer.name:* OR agent.name:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Log Count By Node ","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Log Count By Node \",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"observer.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"observer.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Node\"}}]}"},"coreMigrationVersion":"7.16.2","id":"a9fae5c0-6e9b-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2392],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzgxLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":9,\"h\":8,\"i\":\"e243c0f0-f7cf-453e-8f5c-dc93e4651d69\"},\"panelIndex\":\"e243c0f0-f7cf-453e-8f5c-dc93e4651d69\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":0,\"w\":17,\"h\":8,\"i\":\"5fdac8ff-799a-4d54-8dcb-ee1728d9623d\"},\"panelIndex\":\"5fdac8ff-799a-4d54-8dcb-ee1728d9623d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":8,\"i\":\"126f5365-8829-469d-8349-a08874975584\"},\"panelIndex\":\"126f5365-8829-469d-8349-a08874975584\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":22,\"h\":26,\"i\":\"9c61759c-0b14-433b-bca7-fd22f9a20630\"},\"panelIndex\":\"9c61759c-0b14-433b-bca7-fd22f9a20630\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":8,\"w\":9,\"h\":26,\"i\":\"504e0ba1-08f7-4601-833d-6615d84e8fba\"},\"panelIndex\":\"504e0ba1-08f7-4601-833d-6615d84e8fba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":31,\"y\":8,\"w\":8,\"h\":26,\"i\":\"e3425787-250b-4dad-8244-4c7ba65df3d9\"},\"panelIndex\":\"e3425787-250b-4dad-8244-4c7ba65df3d9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":39,\"y\":8,\"w\":9,\"h\":26,\"i\":\"9c133f8f-ca11-4a4b-ac5a-3dfe3b87f20e\"},\"panelIndex\":\"9c133f8f-ca11-4a4b-ac5a-3dfe3b87f20e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":30,\"i\":\"3c89322f-4209-40ba-bbe7-5c5fb45420ac\"},\"panelIndex\":\"3c89322f-4209-40ba-bbe7-5c5fb45420ac\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Home","version":1},"coreMigrationVersion":"7.16.2","id":"a8411b30-6d03-11ea-b301-3d6c35840645","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ac6b1720-7559-11ea-9565-7315f4ee5cac","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","name":"panel_5","type":"visualization"},{"id":"a9fae5c0-6e9b-11ea-9266-1fd14ca6af34","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1643385898421,2401],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzgyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Response Code Name (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.response.code_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.response.code_name.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"Security Onion - DNS - Response Code Name (Donut)\"}"},"coreMigrationVersion":"7.16.2","id":"a9bd4090-72b9-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2403],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzgzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"language\": \"kuery\",\n \"query\": \"\"\n },\n \"filter\": []\n}"},"savedSearchRefName":"search_0","title":"Security Onion - Osquery - Query Results Count","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"result.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Query Results\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"result.hostname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"result.live_query.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Live Query Pivot\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"result.endpoint_ip1.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Endpoint Primary IP\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Osquery - Query Results Count\"}"},"coreMigrationVersion":"7.16.2","id":"ab47a590-afcc-11ea-b262-353d451b125b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9eed5fc0-afcb-11ea-b262-353d451b125b","name":"search_0","type":"search"}],"sort":[1643385898421,2405],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzg0LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"h\":8,\"i\":\"3919aa4b-bef6-4545-a780-484bae2df9ee\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"3919aa4b-bef6-4545-a780-484bae2df9ee\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"}]","timeRestore":false,"title":"Security Onion - Users","version":1},"coreMigrationVersion":"7.16.2","id":"abbe1140-72c7-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"}],"sort":[1643385898421,2407],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzg1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Dataset By Node","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Dataset By Node\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.dataset.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}}]}"},"coreMigrationVersion":"7.16.2","id":"abffa080-6ec9-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2409],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzg2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"f5166880-374f-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2411],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzg3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Request Path","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Request Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"request_path.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Path\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"dddb4430-3752-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2413],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzg4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"dfd1dc00-6e24-11e7-a261-55504638cf3b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2415],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzg5LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":72,\"w\":16,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":72,\"w\":16,\"h\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":20,\"y\":8,\"w\":12,\"h\":16,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":96,\"w\":48,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":20,\"y\":48,\"w\":28,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":24,\"w\":16,\"h\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":20,\"h\":24,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":16,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":120,\"w\":48,\"h\":30,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":16,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":72,\"w\":16,\"h\":24,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":24,\"w\":24,\"h\":24,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"}]","timeRestore":false,"title":"z16.04 - Bro - SIP","version":1},"coreMigrationVersion":"7.16.2","id":"ad3c0830-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"5393c710-3640-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"f5166880-374f-11e7-b74a-f5057991ccd2","name":"panel_2","type":"visualization"},{"id":"04e1aea0-3750-11e7-b74a-f5057991ccd2","name":"panel_3","type":"visualization"},{"id":"90bf0a80-3750-11e7-b74a-f5057991ccd2","name":"panel_4","type":"visualization"},{"id":"dddb4430-3752-11e7-b74a-f5057991ccd2","name":"panel_5","type":"visualization"},{"id":"5e36c370-3753-11e7-b74a-f5057991ccd2","name":"panel_6","type":"visualization"},{"id":"73f663f0-3753-11e7-b74a-f5057991ccd2","name":"panel_7","type":"visualization"},{"id":"930b1600-3753-11e7-b74a-f5057991ccd2","name":"panel_8","type":"visualization"},{"id":"2db47070-3754-11e7-b74a-f5057991ccd2","name":"panel_9","type":"visualization"},{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"panel_10","type":"search"},{"id":"1ef5c230-6e24-11e7-a261-55504638cf3b","name":"panel_11","type":"visualization"},{"id":"dfd1dc00-6e24-11e7-a261-55504638cf3b","name":"panel_12","type":"visualization"},{"id":"AWDHDNS4xQT5EBNmq4dF","name":"panel_13","type":"visualization"},{"id":"0291dba0-4c78-11e8-9b0a-f1d33346f773","name":"panel_14","type":"visualization"}],"sort":[1643385898421,2431],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzkwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.module:zeek AND event.dataset:file\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":7,\"i\":\"257c130f-3673-410c-9f60-d67deb13b580\"},\"panelIndex\":\"257c130f-3673-410c-9f60-d67deb13b580\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":7,\"i\":\"de6206b4-7adb-44a0-ae00-2d28274478c8\"},\"panelIndex\":\"de6206b4-7adb-44a0-ae00-2d28274478c8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":7,\"i\":\"93532ba0-f446-4a97-8783-a04dd4347485\"},\"panelIndex\":\"93532ba0-f446-4a97-8783-a04dd4347485\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":7,\"w\":8,\"h\":19,\"i\":\"a2af856c-7069-46b2-974c-e8b9054af929\"},\"panelIndex\":\"a2af856c-7069-46b2-974c-e8b9054af929\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":7,\"w\":9,\"h\":19,\"i\":\"4a3de026-5001-46a6-af20-78db885bd4bb\"},\"panelIndex\":\"4a3de026-5001-46a6-af20-78db885bd4bb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":17,\"y\":7,\"w\":17,\"h\":19,\"i\":\"74071657-abfc-49e7-a0c3-e318b72a9d4c\"},\"panelIndex\":\"74071657-abfc-49e7-a0c3-e318b72a9d4c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":34,\"y\":7,\"w\":14,\"h\":19,\"i\":\"2379029c-c749-4804-91df-3d9be3fc4f8a\"},\"panelIndex\":\"2379029c-c749-4804-91df-3d9be3fc4f8a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":26,\"w\":21,\"h\":19,\"i\":\"0e36a0b5-5905-43c6-8ae1-f3eb348571a0\"},\"panelIndex\":\"0e36a0b5-5905-43c6-8ae1-f3eb348571a0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":21,\"y\":26,\"w\":8,\"h\":19,\"i\":\"99813eab-a19b-47d2-a8ee-8bcb667eedbf\"},\"panelIndex\":\"99813eab-a19b-47d2-a8ee-8bcb667eedbf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":26,\"w\":10,\"h\":19,\"i\":\"18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2\"},\"panelIndex\":\"18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":39,\"y\":26,\"w\":9,\"h\":19,\"i\":\"c51df9f8-9010-4cae-9c7c-76ca7af98f13\"},\"panelIndex\":\"c51df9f8-9010-4cae-9c7c-76ca7af98f13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":24,\"i\":\"226350dd-3afe-4135-a8da-71db63287a95\"},\"panelIndex\":\"226350dd-3afe-4135-a8da-71db63287a95\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"Security Onion - Zeek Files","version":1},"coreMigrationVersion":"7.16.2","id":"ad4d5d60-75f4-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"bcf25e30-75f1-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"e8d35c50-75f3-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"09fc6ef0-7732-11ea-bee5-af7f7c7b8e05","name":"panel_7","type":"visualization"},{"id":"2fc4bea0-7730-11ea-bee5-af7f7c7b8e05","name":"panel_8","type":"visualization"},{"id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","name":"panel_9","type":"visualization"},{"id":"efc25540-75f1-11ea-9565-7315f4ee5cac","name":"panel_10","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_11","type":"search"}],"sort":[1643385898421,2444],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzkxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"ae4e88b0-76b5-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1643385898421,2446],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzkyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSL - Destination Country (Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSL - Destination Country (Bar Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"destination_geo.country_name.keyword: Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"coreMigrationVersion":"7.16.2","id":"ae959820-365c-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2448],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0MzkzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - TLS - True/False (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"SMTP - TLS - True/False (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"TLS\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"aeb71cc0-6e29-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2450],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzk0LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Initial Systems/Queries\",\"disabled\":true,\"key\":\"osquery.counter\",\"negate\":true,\"params\":{\"query\":0,\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"0\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"osquery.counter\":{\"query\":0,\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Servers Only\",\"disabled\":true,\"key\":\"osquery.codename\",\"negate\":false,\"params\":{\"query\":\"server\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"server\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"osquery.codename\":{\"query\":\"server\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":64,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":11,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":29,\"w\":40,\"h\":20,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Chrome Extensions - Logs\",\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":11,\"w\":40,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Chrome Extensions - Sensitive Permissions\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":11,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Chrome Extensions - Changes by Hostname\",\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"osquery - Chrome Extensions","version":1},"coreMigrationVersion":"7.16.2","id":"af0ea750-18d3-11e9-932c-d12d2cf4ee95","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"71538370-18d5-11e9-932c-d12d2cf4ee95","name":"panel_1","type":"visualization"},{"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","name":"panel_2","type":"search"},{"id":"78cf8bf0-1a59-11e9-ac0b-cb0ba10141ab","name":"panel_3","type":"visualization"},{"id":"04f86530-1a59-11e9-ac0b-cb0ba10141ab","name":"panel_4","type":"visualization"}],"sort":[1643385898421,2458],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzk1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security Onion - Osquery - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Osquery - Name\"}"},"coreMigrationVersion":"7.16.2","id":"af139720-afcb-11ea-b262-353d451b125b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"sort":[1643385898421,2460],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzk2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Message Type (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dhcp.message_types.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message Type\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"Security Onion - DHCP - Message Type (Donut)\"}"},"coreMigrationVersion":"7.16.2","id":"af26c6e0-96e6-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2462],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzk3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"SMTP\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"c47e2a10-39a1-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2464],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzk4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMTP - Destination Country (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMTP - Destination Country (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}"},"coreMigrationVersion":"7.16.2","id":"dfe23030-39a1-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2466],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0Mzk5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - TLS (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMTP - TLS (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"c3bb32c0-39a2-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2468],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDAwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"f18a0480-3bd0-11e7-9c09-4f161b0766dd","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2470],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDAxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"useragent.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"d776e510-6e28-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2472],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDAyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"d5aa6d00-6e29-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2474],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDAzLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":80,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":80,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":16,\"y\":56,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":104,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":20,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":20,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":56,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"}]","timeRestore":false,"title":"z16.04 - Bro - SMTP","version":1},"coreMigrationVersion":"7.16.2","id":"b10a9c60-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"7c922990-3640-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"c47e2a10-39a1-11e7-8472-0151e5b2b475","name":"panel_2","type":"visualization"},{"id":"dfe23030-39a1-11e7-8472-0151e5b2b475","name":"panel_3","type":"visualization"},{"id":"73b1b240-39a2-11e7-8472-0151e5b2b475","name":"panel_4","type":"visualization"},{"id":"96767400-39a2-11e7-8472-0151e5b2b475","name":"panel_5","type":"visualization"},{"id":"c3bb32c0-39a2-11e7-8472-0151e5b2b475","name":"panel_6","type":"visualization"},{"id":"f18a0480-3bd0-11e7-9c09-4f161b0766dd","name":"panel_7","type":"visualization"},{"id":"a5045e20-3bd1-11e7-a3ae-1754b87179c0","name":"panel_8","type":"visualization"},{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"panel_9","type":"search"},{"id":"d776e510-6e28-11e7-8b76-75eee0095daa","name":"panel_10","type":"visualization"},{"id":"53beb0d0-6e29-11e7-8b76-75eee0095daa","name":"panel_11","type":"visualization"},{"id":"aeb71cc0-6e29-11e7-8b76-75eee0095daa","name":"panel_12","type":"visualization"},{"id":"d5aa6d00-6e29-11e7-8b76-75eee0095daa","name":"panel_13","type":"visualization"},{"id":"AWDHDsr0xQT5EBNmq4gw","name":"panel_14","type":"visualization"}],"sort":[1643385898421,2490],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDA0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNP3 - IIN","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNP3 - IIN\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dnp3.iin: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dnp3.iin\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IIN\"}}]}"},"coreMigrationVersion":"7.16.2","id":"f991b6d0-75b8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2492],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDA1LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:dnp3\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\"},\"panelIndex\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":15,\"h\":8,\"i\":\"1b99097d-a957-4163-9810-263a0e653c18\"},\"panelIndex\":\"1b99097d-a957-4163-9810-263a0e653c18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":8,\"i\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\"},\"panelIndex\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":19,\"i\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\"},\"panelIndex\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":19,\"i\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\"},\"panelIndex\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":8,\"w\":12,\"h\":19,\"i\":\"a9916c8f-c82b-413d-8561-64ce0d68d3b8\"},\"panelIndex\":\"a9916c8f-c82b-413d-8561-64ce0d68d3b8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"04426d00-3313-40eb-a0c9-2541a7ea99f3\"},\"panelIndex\":\"04426d00-3313-40eb-a0c9-2541a7ea99f3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":28,\"i\":\"f36f0fec-ab1e-4aea-84ea-4cf0fedcfffc\"},\"panelIndex\":\"f36f0fec-ab1e-4aea-84ea-4cf0fedcfffc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - DNP3","version":1},"coreMigrationVersion":"7.16.2","id":"b1f52180-755a-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"f991b6d0-75b8-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"214793c0-75b9-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1643385898421,2501],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDA2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Authentication Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Authentication Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.authentication.method.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.authentication.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"coreMigrationVersion":"7.16.2","id":"b2053990-75c7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2503],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDA3LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:kerberos\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9\"},\"panelIndex\":\"caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":14,\"y\":0,\"w\":15,\"h\":9,\"i\":\"e0e4a50d-887b-472b-a790-302966fb6f49\"},\"panelIndex\":\"e0e4a50d-887b-472b-a790-302966fb6f49\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":9,\"i\":\"5cca2c4b-7299-4122-a3d5-3637ef23dc5d\"},\"panelIndex\":\"5cca2c4b-7299-4122-a3d5-3637ef23dc5d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":19,\"i\":\"aa944a94-288e-490f-9e04-f5b3bc2cf19f\"},\"panelIndex\":\"aa944a94-288e-490f-9e04-f5b3bc2cf19f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":10,\"y\":9,\"w\":10,\"h\":19,\"i\":\"ebc359a7-3dce-4e7d-bd70-355cc8099437\"},\"panelIndex\":\"ebc359a7-3dce-4e7d-bd70-355cc8099437\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":20,\"y\":9,\"w\":11,\"h\":19,\"i\":\"251dacac-b4c5-481a-9e41-8173e9bc27ab\"},\"panelIndex\":\"251dacac-b4c5-481a-9e41-8173e9bc27ab\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":31,\"y\":9,\"w\":7,\"h\":19,\"i\":\"1a78a61c-7b0a-425f-ade8-bcbb302a2585\"},\"panelIndex\":\"1a78a61c-7b0a-425f-ade8-bcbb302a2585\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":38,\"y\":9,\"w\":10,\"h\":19,\"i\":\"eba2e210-8b36-41a7-8ac5-7d63cfc022e1\"},\"panelIndex\":\"eba2e210-8b36-41a7-8ac5-7d63cfc022e1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":29,\"i\":\"13a216e9-1e56-4069-a61a-238ff604a18b\"},\"panelIndex\":\"13a216e9-1e56-4069-a61a-238ff604a18b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - Kerberos","version":1},"coreMigrationVersion":"7.16.2","id":"b207ab90-75bc-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"0ecc7310-75bd-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"2d73e460-75bd-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"48331f00-75bd-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"search"}],"sort":[1643385898421,2513],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDA4LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":104,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":32,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"z16.04 - Bro - SMB","version":1},"coreMigrationVersion":"7.16.2","id":"b3a53710-3aaa-11e7-8b17-0d8709b02c80","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"panel_0","type":"search"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"85e40a70-3aac-11e7-8b17-0d8709b02c80","name":"panel_2","type":"visualization"},{"id":"15b4e7a0-3aad-11e7-8b17-0d8709b02c80","name":"panel_3","type":"visualization"},{"id":"31f5e040-3aad-11e7-8b17-0d8709b02c80","name":"panel_4","type":"visualization"},{"id":"6f883480-3aad-11e7-8b17-0d8709b02c80","name":"panel_5","type":"visualization"},{"id":"60384e00-3aaf-11e7-a83b-b1b4da7d15f4","name":"panel_6","type":"visualization"},{"id":"72f0f010-3aaf-11e7-a83b-b1b4da7d15f4","name":"panel_7","type":"visualization"},{"id":"306c4330-4175-11e7-a0f7-47f4c03e3306","name":"panel_8","type":"visualization"},{"id":"AWDHDfDkxQT5EBNmq4fQ","name":"panel_9","type":"visualization"},{"id":"a663e070-4c78-11e8-9b0a-f1d33346f773","name":"panel_10","type":"visualization"}],"sort":[1643385898421,2525],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDA5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Responder Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"respond_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder Bytes\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"b50912f0-366f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2527],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDEwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Tunnels - Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Tunnels - Type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tunnel.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"coreMigrationVersion":"7.16.2","id":"b6120810-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2529],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDExLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Responder Bytes ( Tile Map)","uiStateJSON":"{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}","version":1,"visState":"{\"title\":\"Connections - Source - Responder Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"respond_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"f3bc9fa0-46cb-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2531],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDEyLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[24.84656534821976,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Source - Responder Bytes","version":1},"coreMigrationVersion":"7.16.2","id":"b65775e0-46cb-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"f3bc9fa0-46cb-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"sort":[1643385898421,2534],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDEzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"e8511600-36b8-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2536],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDE0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Session Duration","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Session Duration\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"duration\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Duration\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"e47015d0-36b9-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2538],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDE1LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":24,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":32,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"z16.04 - Bro - SNMP","version":1},"coreMigrationVersion":"7.16.2","id":"b65c2710-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"a67546c0-3640-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"e8511600-36b8-11e7-9786-41a1d72e15ad","name":"panel_2","type":"visualization"},{"id":"0defabb0-36b9-11e7-9786-41a1d72e15ad","name":"panel_3","type":"visualization"},{"id":"e47015d0-36b9-11e7-9786-41a1d72e15ad","name":"panel_4","type":"visualization"},{"id":"2a3ae810-36ba-11e7-9786-41a1d72e15ad","name":"panel_5","type":"visualization"},{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"panel_6","type":"search"},{"id":"7dc62970-6e2a-11e7-8b76-75eee0095daa","name":"panel_7","type":"visualization"},{"id":"AWDHD-LfxQT5EBNmq4iB","name":"panel_8","type":"visualization"},{"id":"83a91450-4c79-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"}],"sort":[1643385898421,2549],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDE2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Validation Status","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Validation Status\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.validation_status.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssl.validation_status.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}"},"coreMigrationVersion":"7.16.2","id":"b8371250-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2551],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDE3LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:radius\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"005ac000-9db8-4310-97d5-4574cdaf0e49\"},\"panelIndex\":\"005ac000-9db8-4310-97d5-4574cdaf0e49\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":9,\"i\":\"a65d1358-9fa9-4457-8a46-5790a748d1fa\"},\"panelIndex\":\"a65d1358-9fa9-4457-8a46-5790a748d1fa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"d38d991e-53e4-4b71-8e3f-c0d4b0d454da\"},\"panelIndex\":\"d38d991e-53e4-4b71-8e3f-c0d4b0d454da\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":19,\"i\":\"9304c1a2-e55f-4f51-bd04-d15892b754a4\"},\"panelIndex\":\"9304c1a2-e55f-4f51-bd04-d15892b754a4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":19,\"i\":\"7075ea4f-e935-470c-9329-9a0b15202385\"},\"panelIndex\":\"7075ea4f-e935-470c-9329-9a0b15202385\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":19,\"i\":\"91a90e9d-71f7-484c-a561-6aef6a3b8f09\"},\"panelIndex\":\"91a90e9d-71f7-484c-a561-6aef6a3b8f09\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":9,\"h\":19,\"i\":\"9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd\"},\"panelIndex\":\"9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":19,\"i\":\"766f8f9b-3f31-47d8-9734-442fc1fcff84\"},\"panelIndex\":\"766f8f9b-3f31-47d8-9734-442fc1fcff84\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":29,\"i\":\"49fd1168-f7ab-4759-a92c-f2699389678e\"},\"panelIndex\":\"49fd1168-f7ab-4759-a92c-f2699389678e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - RADIUS","version":1},"coreMigrationVersion":"7.16.2","id":"b9769e60-75c4-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"767c89f0-af4c-11ea-b262-353d451b125b","name":"panel_5","type":"visualization"},{"id":"0ca071b0-75c5-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"27ab8260-75c5-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"search"}],"sort":[1643385898421,2561],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDE4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"coreMigrationVersion":"7.16.2","id":"bc7fbe00-4a44-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2563],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDE5LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.module:osquery\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"7f9eaa30-b358-4027-a312-249defe273c4\"},\"panelIndex\":\"7f9eaa30-b358-4027-a312-249defe273c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":7,\"i\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\"},\"panelIndex\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":7,\"i\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\"},\"panelIndex\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":7,\"w\":48,\"h\":16,\"i\":\"fae63e28-6a3c-4641-94fd-e5b033ac55b9\"},\"panelIndex\":\"fae63e28-6a3c-4641-94fd-e5b033ac55b9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":48,\"h\":31,\"i\":\"91e35690-24ec-4a13-b791-6146c05a2285\"},\"panelIndex\":\"91e35690-24ec-4a13-b791-6146c05a2285\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"Security Onion - Osquery","version":1},"coreMigrationVersion":"7.16.2","id":"bf7cf8d0-7732-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ab47a590-afcc-11ea-b262-353d451b125b","name":"panel_3","type":"visualization"},{"id":"a866be10-0e45-11eb-a255-e1e8e85e3571","name":"panel_4","type":"search"}],"sort":[1643385898421,2569],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDIwLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Software - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Software - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"da4cc2c0-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2571],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDIxLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":40,\"x\":0,\"y\":44,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"name\",\"software_type\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":36,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"z16.04 - Bro - Software","version":1},"coreMigrationVersion":"7.16.2","id":"c2c99c30-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"da4cc2c0-3640-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"AWDHEKJUxQT5EBNmq4jW","name":"panel_3","type":"visualization"},{"id":"9b0f6a80-4c7a-11e8-9b0a-f1d33346f773","name":"panel_4","type":"visualization"}],"sort":[1643385898421,2577],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDIyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Protocol (Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Connections - Protocol (Bar Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Protocol\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"protocol.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}]}"},"coreMigrationVersion":"7.16.2","id":"c3152010-3673-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2579],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDIzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.16.2","id":"ec40c5e0-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2581],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDI0LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:mysql\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"b08e3120-b482-4817-b3e9-f521f5acd8f2\"},\"panelIndex\":\"b08e3120-b482-4817-b3e9-f521f5acd8f2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":9,\"i\":\"e23b2681-5eae-4de6-8933-ba755508ec5b\"},\"panelIndex\":\"e23b2681-5eae-4de6-8933-ba755508ec5b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":9,\"i\":\"53e06ed2-d64f-46dc-b864-5b884a8c53dc\"},\"panelIndex\":\"53e06ed2-d64f-46dc-b864-5b884a8c53dc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":18,\"i\":\"2bfa498b-d0a8-48ee-9a47-bcf288127d2a\"},\"panelIndex\":\"2bfa498b-d0a8-48ee-9a47-bcf288127d2a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":18,\"i\":\"e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189\"},\"panelIndex\":\"e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":9,\"w\":15,\"h\":18,\"i\":\"e2f6f286-c4ba-4642-b650-366aca2c3d2d\"},\"panelIndex\":\"e2f6f286-c4ba-4642-b650-366aca2c3d2d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":18,\"i\":\"f84a5dbd-d99c-4c24-895f-18f1d419af93\"},\"panelIndex\":\"f84a5dbd-d99c-4c24-895f-18f1d419af93\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":16,\"i\":\"3b2e66eb-aa46-4363-b8ad-efd564b95279\"},\"panelIndex\":\"3b2e66eb-aa46-4363-b8ad-efd564b95279\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":43,\"w\":48,\"h\":29,\"i\":\"fb7962e7-1108-429e-a623-8ece03931e4a\"},\"panelIndex\":\"fb7962e7-1108-429e-a623-8ece03931e4a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - MySQL","version":1},"coreMigrationVersion":"7.16.2","id":"c3ced6d0-75be-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"ec40c5e0-75c0-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"1f306f60-75c0-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"3af496e0-75c0-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"search"}],"sort":[1643385898421,2591],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDI1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"ca9ffc10-76b5-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1643385898421,2593],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDI2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Protocol","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"protocol.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"e9d5ae30-76b6-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"sort":[1643385898421,2595],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDI3LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":8,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":28,\"h\":24,\"x\":8,\"y\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"z16.04 - Bro - Syslog","version":1},"coreMigrationVersion":"7.16.2","id":"c4bbe040-76b3-11e7-ba96-cba76a1e264d","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"92b202e0-76b4-11e7-94e1-3d2ec4e57ed9","name":"panel_1","type":"visualization"},{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"panel_2","type":"search"},{"id":"6c60a280-76b5-11e7-94e1-3d2ec4e57ed9","name":"panel_3","type":"visualization"},{"id":"ae4e88b0-76b5-11e7-94e1-3d2ec4e57ed9","name":"panel_4","type":"visualization"},{"id":"ca9ffc10-76b5-11e7-94e1-3d2ec4e57ed9","name":"panel_5","type":"visualization"},{"id":"e9d5ae30-76b6-11e7-94e1-3d2ec4e57ed9","name":"panel_6","type":"visualization"},{"id":"346e5c30-76b7-11e7-94e1-3d2ec4e57ed9","name":"panel_7","type":"visualization"},{"id":"AWDHE-_wxQT5EBNmq4n3","name":"panel_8","type":"visualization"}],"sort":[1643385898421,2605],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDI4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Authentication Success","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"SSH - Authentication Success\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Authentication Success\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"authentication_success.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Success\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"dcea2790-6e33-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2607],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDI5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSH -Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH -Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}"},"coreMigrationVersion":"7.16.2","id":"e64833a0-4c7b-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2609],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDMwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":28,\"h\":24,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"z16.04 - Bro - SSH","version":1},"coreMigrationVersion":"7.16.2","id":"c6ccfc00-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"09457310-3641-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"8a60eb50-365f-11e7-8c78-e3086faf385c","name":"panel_2","type":"visualization"},{"id":"9a33f9a0-365f-11e7-8c78-e3086faf385c","name":"panel_3","type":"visualization"},{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"54d78f50-6e33-11e7-9a19-a5996f8250c6","name":"panel_5","type":"visualization"},{"id":"dcea2790-6e33-11e7-9a19-a5996f8250c6","name":"panel_6","type":"visualization"},{"id":"2bbdc020-6e34-11e7-9a19-a5996f8250c6","name":"panel_7","type":"visualization"},{"id":"AWDHEYk4xQT5EBNmq4k5","name":"panel_8","type":"visualization"},{"id":"e64833a0-4c7b-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"}],"sort":[1643385898421,2620],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDMxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"7.16.2","id":"c7484350-6eb1-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,2622],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDMyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Zeek - Notice Message","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Zeek - Notice Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"notice.message.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"notice.message.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}}]}"},"coreMigrationVersion":"7.16.2","id":"c8039090-7a84-11ea-9d13-57f5db13d1ed","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2624],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDMzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Share Flag","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Share Flag\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"rfb.share_flag\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.16.2","id":"d5e72b20-75c7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2626],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDM0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Desktop Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.desktop.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.desktop.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Desktop Name\"}}]}"},"coreMigrationVersion":"7.16.2","id":"fe62c910-75c7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2628],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDM1LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:rfb\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"f64f888f-f9bb-4be1-ab75-80d2a11303ed\"},\"panelIndex\":\"f64f888f-f9bb-4be1-ab75-80d2a11303ed\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"0e12fa96-b29d-4815-ae19-b6e894948597\"},\"panelIndex\":\"0e12fa96-b29d-4815-ae19-b6e894948597\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2\"},\"panelIndex\":\"7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"c1bb39f4-4d9f-4154-a131-65e727fc0049\"},\"panelIndex\":\"c1bb39f4-4d9f-4154-a131-65e727fc0049\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"e51c88d1-a11a-4d5f-b5a7-f6ac79b23054\"},\"panelIndex\":\"e51c88d1-a11a-4d5f-b5a7-f6ac79b23054\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":8,\"w\":14,\"h\":19,\"i\":\"b9412112-bc5a-4b16-ba5e-ded11a0e299d\"},\"panelIndex\":\"b9412112-bc5a-4b16-ba5e-ded11a0e299d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":19,\"i\":\"edfbec77-b174-40ac-9f11-776da22fe82d\"},\"panelIndex\":\"edfbec77-b174-40ac-9f11-776da22fe82d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":24,\"h\":15,\"i\":\"d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf\"},\"panelIndex\":\"d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":27,\"w\":12,\"h\":15,\"i\":\"aedad86f-ec5e-4330-bab0-468351eb8355\"},\"panelIndex\":\"aedad86f-ec5e-4330-bab0-468351eb8355\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":15,\"i\":\"8092b313-2e40-47e4-96a2-51086f98e53f\"},\"panelIndex\":\"8092b313-2e40-47e4-96a2-51086f98e53f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":42,\"w\":48,\"h\":29,\"i\":\"630311aa-6915-4543-a10a-2677f3c2f96a\"},\"panelIndex\":\"630311aa-6915-4543-a10a-2677f3c2f96a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - RFB","version":1},"coreMigrationVersion":"7.16.2","id":"c8b3c360-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"b2053990-75c7-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"d5e72b20-75c7-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"fe62c910-75c7-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"5dcf09e0-75c8-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"316e90a0-75c8-11ea-9565-7315f4ee5cac","name":"panel_9","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_10","type":"search"}],"sort":[1643385898421,2640],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDM2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connection Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Connection Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"7.16.2","id":"c94e2aa0-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,2642],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDM3LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:tunnel\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"19aef080-5875-4182-81a8-2a6639c75489\"},\"panelIndex\":\"19aef080-5875-4182-81a8-2a6639c75489\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"70939be7-5bb9-4d13-ab89-683b3eda7a98\"},\"panelIndex\":\"70939be7-5bb9-4d13-ab89-683b3eda7a98\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"21848a06-ca96-4869-b069-7524caf3ae06\"},\"panelIndex\":\"21848a06-ca96-4869-b069-7524caf3ae06\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":10,\"h\":19,\"i\":\"8020a914-8f9f-4bd6-be32-1c6afa27f9e4\"},\"panelIndex\":\"8020a914-8f9f-4bd6-be32-1c6afa27f9e4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":10,\"y\":8,\"w\":10,\"h\":19,\"i\":\"9f72f316-c3a2-4658-8d03-932fa590e216\"},\"panelIndex\":\"9f72f316-c3a2-4658-8d03-932fa590e216\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":20,\"y\":8,\"w\":9,\"h\":19,\"i\":\"fa1bc43a-2be3-4699-97af-677bded82273\"},\"panelIndex\":\"fa1bc43a-2be3-4699-97af-677bded82273\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":8,\"w\":19,\"h\":19,\"i\":\"7c522eab-36bc-4933-abea-29a4c4a4f918\"},\"panelIndex\":\"7c522eab-36bc-4933-abea-29a4c4a4f918\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"b7799f8a-60c5-4629-9acd-9bbe7ebbac2a\"},\"panelIndex\":\"b7799f8a-60c5-4629-9acd-9bbe7ebbac2a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Tunnels","version":1},"coreMigrationVersion":"7.16.2","id":"c962dd60-75ed-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"b6120810-75ef-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"sort":[1643385898421,2651],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDM4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Weird - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"ca3e57d0-4172-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2653],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDM5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNP3 - FC Reply","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNP3 - FC Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dnp3.fc_reply.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dnp3.fc_reply.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"FC Reply\"}}]}"},"coreMigrationVersion":"7.16.2","id":"cb29fbe0-75b8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2655],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDQwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"x\":12,\"y\":20,\"w\":24,\"h\":20,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":12,\"y\":0,\"w\":24,\"h\":20,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":40,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":40,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_3\"}]","timeRestore":false,"title":"Connections - Top Source IPs","version":1},"coreMigrationVersion":"7.16.2","id":"cb367060-3b04-11e7-a83b-b1b4da7d15f4","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"8261cf00-366e-11e7-8c78-e3086faf385c","name":"panel_0","type":"visualization"},{"id":"28c27f80-3b05-11e7-a83b-b1b4da7d15f4","name":"panel_1","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_2","type":"visualization"},{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"panel_3","type":"search"}],"sort":[1643385898421,2660],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDQxLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"851cf638-4ae4-45ad-b7ad-e97c0926b6a3":{"columnOrder":["558ae3ab-245f-4076-9b88-155e26219823","01fd47d1-6f20-44f0-afb6-2850548061f8"],"columns":{"01fd47d1-6f20-44f0-afb6-2850548061f8":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"558ae3ab-245f-4076-9b88-155e26219823":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Endgame - Event Actions","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"01fd47d1-6f20-44f0-afb6-2850548061f8","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"event.action"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["558ae3ab-245f-4076-9b88-155e26219823"],"layerId":"851cf638-4ae4-45ad-b7ad-e97c0926b6a3","layerType":"data","legendDisplay":"show","metric":"01fd47d1-6f20-44f0-afb6-2850548061f8","nestedLegend":false,"numberDisplay":"percent"}],"shape":"pie"}},"title":"Endgame - Event Actions Graph","visualizationType":"lnsPie"},"coreMigrationVersion":"7.16.2","id":"cb421a30-6252-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-851cf638-4ae4-45ad-b7ad-e97c0926b6a3","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,2664],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDQyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"db570800-365a-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2666],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDQzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"f0700840-365a-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2668],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDQ0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSL - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"validation_status.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS Version\"}}]}"},"coreMigrationVersion":"7.16.2","id":"ebec2ea0-4c7c-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2670],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDQ1LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":104,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":104,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":16,\"y\":104,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":72,\"x\":0,\"y\":128,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":32,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"z16.04 - Bro - SSL","version":1},"coreMigrationVersion":"7.16.2","id":"cca67b60-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"6139edd0-3641-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"3753e110-365a-11e7-bf60-314364dd1cde","name":"panel_2","type":"visualization"},{"id":"02699580-365a-11e7-bf60-314364dd1cde","name":"panel_3","type":"visualization"},{"id":"db570800-365a-11e7-8bd0-1db2c55fb7a1","name":"panel_4","type":"visualization"},{"id":"f0700840-365a-11e7-8bd0-1db2c55fb7a1","name":"panel_5","type":"visualization"},{"id":"21d090d0-365b-11e7-8bd0-1db2c55fb7a1","name":"panel_6","type":"visualization"},{"id":"53ac63e0-365b-11e7-8bd0-1db2c55fb7a1","name":"panel_7","type":"visualization"},{"id":"ae959820-365c-11e7-8bd0-1db2c55fb7a1","name":"panel_8","type":"visualization"},{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"panel_9","type":"search"},{"id":"23d22bd0-70b4-11e7-810e-2bafe9e41c10","name":"panel_10","type":"visualization"},{"id":"AWDHElRWxQT5EBNmq4lz","name":"panel_11","type":"visualization"},{"id":"ebec2ea0-4c7c-11e8-9b0a-f1d33346f773","name":"panel_12","type":"visualization"}],"sort":[1643385898421,2684],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDQ2LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":[24.846565348219734,0.087890625],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Destination - Sum of Total Bytes","version":1},"coreMigrationVersion":"7.16.2","id":"ccfcc540-4638-11e7-a82e-d97152153689","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"1342e630-4632-11e7-9903-85f789353078","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"}],"sort":[1643385898421,2687],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDQ3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - Entropy","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Strelka - File - Entropy\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"scan.entropy.entropy\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Entropy\"}}]}"},"coreMigrationVersion":"7.16.2","id":"ce9e03f0-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2689],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDQ4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Warning","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Warning\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.warning.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.warning.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Warning\"}}]}"},"coreMigrationVersion":"7.16.2","id":"cf56b070-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2691],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDQ5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endgame - All Logs (copy)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endgame - All Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"coreMigrationVersion":"7.16.2","id":"d43f0350-6347-11ec-864c-8b5450f97635","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"endgame-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,2694],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDUwLDE1XQ=="} -{"attributes":{"description":"","state":{"datasourceStates":{"indexpattern":{"layers":{"851cf638-4ae4-45ad-b7ad-e97c0926b6a3":{"columnOrder":["558ae3ab-245f-4076-9b88-155e26219823","01fd47d1-6f20-44f0-afb6-2850548061f8"],"columns":{"01fd47d1-6f20-44f0-afb6-2850548061f8":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"Records"},"558ae3ab-245f-4076-9b88-155e26219823":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Endgame - Event Categories","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"01fd47d1-6f20-44f0-afb6-2850548061f8","type":"column"},"orderDirection":"desc","otherBucket":true,"size":5},"scale":"ordinal","sourceField":"event.category"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"default","groups":["558ae3ab-245f-4076-9b88-155e26219823"],"layerId":"851cf638-4ae4-45ad-b7ad-e97c0926b6a3","layerType":"data","legendDisplay":"default","metric":"01fd47d1-6f20-44f0-afb6-2850548061f8","nestedLegend":false,"numberDisplay":"percent"}],"shape":"pie"}},"title":"Endgame - Event Categories Graph","visualizationType":"lnsPie"},"coreMigrationVersion":"7.16.2","id":"d58d6c40-624a-11ec-864c-8b5450f97635","migrationVersion":{"lens":"7.16.0"},"references":[{"id":"endgame-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"endgame-*","name":"indexpattern-datasource-layer-851cf638-4ae4-45ad-b7ad-e97c0926b6a3","type":"index-pattern"},{"id":"41a5e270-53b1-11ec-b3ef-6bcc33056a36","name":"tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36","type":"tag"}],"sort":[1643385898421,2698],"type":"lens","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDUxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Tunnels - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"e89c9700-3641-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2700],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDUyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Country","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Tunnels - Country\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"f60e0c40-6e34-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2702],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDUzLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":20,\"x\":28,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":48,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":20,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":20,\"x\":8,\"y\":28,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":48,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"z16.04 - Bro - Tunnels","version":1},"coreMigrationVersion":"7.16.2","id":"d7b54ae0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"e89c9700-3641-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"43b2b040-3807-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"26457730-3808-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"3cdf2400-3808-11e7-a1cc-ebc6a7e70e84","name":"panel_4","type":"visualization"},{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"panel_5","type":"search"},{"id":"f60e0c40-6e34-11e7-9a19-a5996f8250c6","name":"panel_6","type":"visualization"},{"id":"33b39a60-6e35-11e7-9a19-a5996f8250c6","name":"panel_7","type":"visualization"},{"id":"53824da0-6e35-11e7-9a19-a5996f8250c6","name":"panel_8","type":"visualization"},{"id":"AWDHFYrqxQT5EBNmq4qT","name":"panel_9","type":"visualization"}],"sort":[1643385898421,2713],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDU0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event_type:bro_conn\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Connections - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"coreMigrationVersion":"7.16.2","id":"d7d3dda0-54b9-11e9-a48f-b7dfb1d0f288","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2715],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDU1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Server Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Server Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.server_name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.server_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Name\"}}]}"},"coreMigrationVersion":"7.16.2","id":"db4dc4a0-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2717],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDU2LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network Datasets","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network Datasets\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}]}"},"coreMigrationVersion":"7.16.2","id":"dbe4cc20-6ea7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,2719],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDU3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"dbfe2f00-6e35-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2721],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDU4LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Queries","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}"},"coreMigrationVersion":"7.16.2","id":"dcda5680-2927-11e8-b2a2-09f3986ae284","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2723],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDU5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - URI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.16.2","id":"f63cba40-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2725],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDYwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:sip\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"1e84368a-ad74-4d57-9793-5c9ce813045b\"},\"panelIndex\":\"1e84368a-ad74-4d57-9793-5c9ce813045b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"304e7cd2-dc4f-4bf4-b1fe-747091d61b67\"},\"panelIndex\":\"304e7cd2-dc4f-4bf4-b1fe-747091d61b67\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"e87052bf-935e-421b-8208-e798a37edf69\"},\"panelIndex\":\"e87052bf-935e-421b-8208-e798a37edf69\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"b2055759-c7fd-43ab-8613-6031e8e148d3\"},\"panelIndex\":\"b2055759-c7fd-43ab-8613-6031e8e148d3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"a303da32-bd43-45a5-acbf-093478d734f9\"},\"panelIndex\":\"a303da32-bd43-45a5-acbf-093478d734f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":8,\"w\":8,\"h\":19,\"i\":\"d8632aad-86f0-4290-9480-75ec477ae4cd\"},\"panelIndex\":\"d8632aad-86f0-4290-9480-75ec477ae4cd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":26,\"y\":8,\"w\":8,\"h\":19,\"i\":\"ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6\"},\"panelIndex\":\"ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":34,\"y\":8,\"w\":14,\"h\":19,\"i\":\"dbe534a3-1a06-4185-b78a-293d7ec848c4\"},\"panelIndex\":\"dbe534a3-1a06-4185-b78a-293d7ec848c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":17,\"i\":\"45de60a4-61ab-4b78-8cc7-5a783070c9be\"},\"panelIndex\":\"45de60a4-61ab-4b78-8cc7-5a783070c9be\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":12,\"y\":27,\"w\":12,\"h\":17,\"i\":\"9cb368f2-b652-4dc9-8427-b88a592e8361\"},\"panelIndex\":\"9cb368f2-b652-4dc9-8427-b88a592e8361\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":17,\"i\":\"b78c61e2-61c3-4c43-94d9-c3971ee375be\"},\"panelIndex\":\"b78c61e2-61c3-4c43-94d9-c3971ee375be\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":29,\"i\":\"ba5c8087-cf68-4a4c-9800-05731dca2608\"},\"panelIndex\":\"ba5c8087-cf68-4a4c-9800-05731dca2608\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"Security Onion - SIP","version":1},"coreMigrationVersion":"7.16.2","id":"dd98e260-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"272b8ab0-75ca-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"9ff24600-75ca-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"f63cba40-75ca-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"49384710-75ca-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"81a1a740-75ca-11ea-9565-7315f4ee5cac","name":"panel_9","type":"visualization"},{"id":"cf56b070-75ca-11ea-9565-7315f4ee5cac","name":"panel_10","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_11","type":"search"}],"sort":[1643385898421,2738],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDYxLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":80,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":56,\"w\":40,\"h\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"z16.04 - Bro - Weird","version":1},"coreMigrationVersion":"7.16.2","id":"de2da250-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"0dbcade0-3642-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"1b837b00-364e-11e7-9dc3-d35061cb642d","name":"panel_2","type":"visualization"},{"id":"312cd460-364e-11e7-9dc3-d35061cb642d","name":"panel_3","type":"visualization"},{"id":"8dbbbed0-364e-11e7-9dc3-d35061cb642d","name":"panel_4","type":"visualization"},{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"panel_5","type":"search"},{"id":"ca3e57d0-4172-11e7-9850-b78558d0ac17","name":"panel_6","type":"visualization"},{"id":"dbfe2f00-6e35-11e7-9a19-a5996f8250c6","name":"panel_7","type":"visualization"},{"id":"AWDHGXk-xQT5EBNmq4uf","name":"panel_8","type":"visualization"},{"id":"691ade50-4c85-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"}],"sort":[1643385898421,2749],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDYyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Hash - SSDeep","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Hash - SSDeep\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Hash\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.ssdeep.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SSDeep\"}}]}"},"coreMigrationVersion":"7.16.2","id":"e087c7d0-772d-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2751],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDYzLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":63,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":63,\"w\":16,\"h\":28,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":63,\"w\":16,\"h\":28,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":91,\"w\":16,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":91,\"w\":16,\"h\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":91,\"w\":16,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":16,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":40,\"h\":31,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":115,\"w\":48,\"h\":24,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":24,\"w\":18,\"h\":8,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"29\"},\"panelIndex\":\"29\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":63,\"w\":16,\"h\":28,\"i\":\"31\"},\"panelIndex\":\"31\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":22,\"h\":24,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"}]","timeRestore":false,"title":"z16.04 - Bro - Connections","version":1},"coreMigrationVersion":"7.16.2","id":"e0a34b90-34e6-11e7-9118-45bd317f0ca4","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"2da139c0-34e7-11e7-9118-45bd317f0ca4","name":"panel_1","type":"visualization"},{"id":"8261cf00-366e-11e7-8c78-e3086faf385c","name":"panel_2","type":"visualization"},{"id":"9a54f150-366e-11e7-8c78-e3086faf385c","name":"panel_3","type":"visualization"},{"id":"296823d0-366f-11e7-8c78-e3086faf385c","name":"panel_4","type":"visualization"},{"id":"b50912f0-366f-11e7-8c78-e3086faf385c","name":"panel_5","type":"visualization"},{"id":"05088150-3670-11e7-8c78-e3086faf385c","name":"panel_6","type":"visualization"},{"id":"c3152010-3673-11e7-8c78-e3086faf385c","name":"panel_7","type":"visualization"},{"id":"13fe29c0-3b17-11e7-b871-5f76306b9694","name":"panel_8","type":"visualization"},{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"panel_9","type":"search"},{"id":"25ce6eb0-463b-11e7-a82e-d97152153689","name":"panel_10","type":"visualization"},{"id":"AWDG71xFxQT5EBNmq336","name":"panel_11","type":"visualization"},{"id":"bc7fbe00-4a44-11e8-9b0a-f1d33346f773","name":"panel_12","type":"visualization"},{"id":"d7d3dda0-54b9-11e9-a48f-b7dfb1d0f288","name":"panel_13","type":"visualization"}],"sort":[1643385898421,2766],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDY0LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Destination Port (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Destination Port (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"e3717d80-6e0f-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2768],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDY1LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}"},"coreMigrationVersion":"7.16.2","id":"fab4b560-37d8-11e7-9efb-91e89505091f","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2770],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDY2LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":68,\"x\":0,\"y\":96,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"certificate_subject\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":20,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":20,\"x\":28,\"y\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":20,\"x\":8,\"y\":28,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"z16.04 - Bro - X.509","version":1},"coreMigrationVersion":"7.16.2","id":"e5aa7170-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"41bee360-3642-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"738127f0-37d7-11e7-9efb-91e89505091f","name":"panel_3","type":"visualization"},{"id":"fab4b560-37d8-11e7-9efb-91e89505091f","name":"panel_4","type":"visualization"},{"id":"0a5f7b30-37d9-11e7-9efb-91e89505091f","name":"panel_5","type":"visualization"},{"id":"150f7280-6e37-11e7-a8d6-ed2e692de531","name":"panel_6","type":"visualization"},{"id":"446e85c0-6e37-11e7-a8d6-ed2e692de531","name":"panel_7","type":"visualization"},{"id":"AWDHGklsxQT5EBNmq4wG","name":"panel_8","type":"visualization"}],"sort":[1643385898421,2780],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDY3LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Domain","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Host - Domain\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}]}"},"coreMigrationVersion":"7.16.2","id":"e80aa100-7375-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2782],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDY4LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":[39.639537564366684,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Destination - Top Connection Duration","version":1},"coreMigrationVersion":"7.16.2","id":"ea211360-46c4-11e7-a82e-d97152153689","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f7492d0-46c4-11e7-a82e-d97152153689","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"}],"sort":[1643385898421,2785],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDY5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Answers","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"answers.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}]}"},"coreMigrationVersion":"7.16.2","id":"ff2af9b0-2927-11e8-b2a2-09f3986ae284","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"sort":[1643385898421,2787],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDcwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":68,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":44,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":44,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":92,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":64,\"x\":0,\"y\":116,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":12,\"x\":32,\"y\":44,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"vis\":null,\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":12,\"x\":32,\"y\":56,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"vis\":null,\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":68,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":68,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":20,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":20,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":20,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_15\"}]","timeRestore":false,"title":"z16.04 - Bro - DNS","version":1},"coreMigrationVersion":"7.16.2","id":"ebf5ec90-34bf-11e7-9b32-bb903919ead9","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"6ef90c30-34c0-11e7-9b32-bb903919ead9","name":"panel_1","type":"visualization"},{"id":"57a9a3f0-34c0-11e7-9b32-bb903919ead9","name":"panel_2","type":"visualization"},{"id":"45a652b0-34c1-11e7-917c-af7a9d11771a","name":"panel_3","type":"visualization"},{"id":"e8e3b8a0-34c1-11e7-917c-af7a9d11771a","name":"panel_4","type":"visualization"},{"id":"1ecdd2e0-34c0-11e7-9b32-bb903919ead9","name":"panel_5","type":"visualization"},{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"panel_6","type":"search"},{"id":"e3717d80-6e0f-11e7-8624-1fb07dd76c6a","name":"panel_7","type":"visualization"},{"id":"4d89e140-6f09-11e7-9d31-23c0596994a7","name":"panel_8","type":"visualization"},{"id":"74861280-6f06-11e7-b253-211f64f37eda","name":"panel_9","type":"visualization"},{"id":"AWDG9Qx0xQT5EBNmq3_2","name":"panel_10","type":"visualization"},{"id":"dcda5680-2927-11e8-b2a2-09f3986ae284","name":"panel_11","type":"visualization"},{"id":"ff2af9b0-2927-11e8-b2a2-09f3986ae284","name":"panel_12","type":"visualization"},{"id":"22f7de30-4949-11e8-9576-313be7c6b44b","name":"panel_13","type":"visualization"},{"id":"0c338e50-4a4e-11e8-9b0a-f1d33346f773","name":"panel_14","type":"visualization"},{"id":"49e04860-4a4e-11e8-9b0a-f1d33346f773","name":"panel_15","type":"visualization"}],"sort":[1643385898421,2804],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDcxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - File System","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - File System\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smb.file_system.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.file_system.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File System\"}}]}"},"coreMigrationVersion":"7.16.2","id":"ed215680-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2806],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDcyLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":51,\"i\":\"4\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":48,\"x\":0,\"y\":51},\"panelIndex\":\"6\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":17,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":34},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"title\":\"NIDS Alert - Source Port\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":8,\"i\":\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":17,\"i\":\"18\",\"w\":20,\"x\":28,\"y\":34},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"NIDS Alert - Destination Port\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":16,\"i\":\"19\",\"w\":40,\"x\":8,\"y\":18},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"NIDS - Alert Summary \",\"panelRefName\":\"panel_6\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":10,\"i\":\"20\",\"w\":17,\"x\":8,\"y\":8},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"NIDS - Alert Title\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":10,\"i\":\"21\",\"w\":23,\"x\":25,\"y\":8},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"NIDS - Rule Signature\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"NIDS - SID Drilldown","version":1},"coreMigrationVersion":"7.16.2","id":"ed6f7e20-e060-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"d58ec1a0-34e4-11e7-9669-7f1d3242b798","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"620283e0-3af5-11e7-a83b-b1b4da7d15f4","name":"panel_3","type":"visualization"},{"id":"AWDG3ym0xQT5EBNmq3mG","name":"panel_4","type":"visualization"},{"id":"3f040620-4a44-11e8-9b0a-f1d33346f773","name":"panel_5","type":"visualization"},{"id":"3a1b54b0-e061-11e9-8f0c-2ddbf5ed9290","name":"panel_6","type":"visualization"},{"id":"1b3faca0-e064-11e9-8f0c-2ddbf5ed9290","name":"panel_7","type":"visualization"},{"id":"6533dd40-e064-11e9-8f0c-2ddbf5ed9290","name":"panel_8","type":"visualization"}],"sort":[1643385898421,2816],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDczLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.16.2","id":"ede56800-6ed7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,2818],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDc0LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:ssl\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"7ba54e84-e774-489e-b4e5-156bff163007\"},\"panelIndex\":\"7ba54e84-e774-489e-b4e5-156bff163007\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"83706228-debf-441c-ab7f-2e20c91ec132\"},\"panelIndex\":\"83706228-debf-441c-ab7f-2e20c91ec132\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"e06b2a92-d78b-4d77-9948-40a96a630656\"},\"panelIndex\":\"e06b2a92-d78b-4d77-9948-40a96a630656\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":20,\"i\":\"6f2ba042-522e-43a3-8b9f-0d00e1b60070\"},\"panelIndex\":\"6f2ba042-522e-43a3-8b9f-0d00e1b60070\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":8,\"w\":10,\"h\":20,\"i\":\"f9b0f61d-4ff7-4bfb-a210-61ac7c07407a\"},\"panelIndex\":\"f9b0f61d-4ff7-4bfb-a210-61ac7c07407a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":19,\"y\":8,\"w\":11,\"h\":20,\"i\":\"19764782-13cb-4b14-b272-d30fbdead5a2\"},\"panelIndex\":\"19764782-13cb-4b14-b272-d30fbdead5a2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":20,\"i\":\"8e0caa58-2dba-4d73-bf54-2c5452b7e5ff\"},\"panelIndex\":\"8e0caa58-2dba-4d73-bf54-2c5452b7e5ff\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":21,\"i\":\"a804d523-cf9b-47f1-85ca-4931defc69ce\"},\"panelIndex\":\"a804d523-cf9b-47f1-85ca-4931defc69ce\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":21,\"i\":\"6ce88ef8-a636-4f1c-85e9-922ab70a500f\"},\"panelIndex\":\"6ce88ef8-a636-4f1c-85e9-922ab70a500f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":70,\"w\":48,\"h\":29,\"i\":\"75b95d1d-98a0-4d86-b72b-1ecc6f5d7c5a\"},\"panelIndex\":\"75b95d1d-98a0-4d86-b72b-1ecc6f5d7c5a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - SSL","version":1},"coreMigrationVersion":"7.16.2","id":"efae8de0-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"db4dc4a0-75ec-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"b8371250-75ec-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"4e8cbf80-75ec-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_9","type":"search"}],"sort":[1643385898421,2829],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDc1LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[24.84656534821976,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]","timeRestore":false,"title":"Connections - Source - Sum of Total Bytes","version":1},"coreMigrationVersion":"7.16.2","id":"f042ad60-46c6-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"1156b1e0-46c7-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"sort":[1643385898421,2851],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDg3LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:smb*\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"4f0e2e7d-aeee-4de8-82f0-9faffa596a05\"},\"panelIndex\":\"4f0e2e7d-aeee-4de8-82f0-9faffa596a05\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"efd2f5f0-c795-41e8-b0d7-7a3012e04d4d\"},\"panelIndex\":\"efd2f5f0-c795-41e8-b0d7-7a3012e04d4d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"c4342fbe-e949-42d7-959c-c1ce6978033a\"},\"panelIndex\":\"c4342fbe-e949-42d7-959c-c1ce6978033a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"f59a811c-5a72-4337-84bd-32a5d1dce308\"},\"panelIndex\":\"f59a811c-5a72-4337-84bd-32a5d1dce308\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"5bb49dfa-0703-448b-a249-6cebb45e101c\"},\"panelIndex\":\"5bb49dfa-0703-448b-a249-6cebb45e101c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":8,\"w\":10,\"h\":19,\"i\":\"4f886675-43c8-46c9-a471-717010d40e67\"},\"panelIndex\":\"4f886675-43c8-46c9-a471-717010d40e67\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":10,\"h\":19,\"i\":\"f00a4afd-cd5f-48a4-a8d3-bc80f7367285\"},\"panelIndex\":\"f00a4afd-cd5f-48a4-a8d3-bc80f7367285\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":19,\"i\":\"c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f\"},\"panelIndex\":\"c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":20,\"i\":\"d76e30ec-3114-4100-a806-2a77ba987bbe\"},\"panelIndex\":\"d76e30ec-3114-4100-a806-2a77ba987bbe\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":29,\"i\":\"b48f25cd-4353-46f1-ba89-12da381a65eb\"},\"panelIndex\":\"b48f25cd-4353-46f1-ba89-12da381a65eb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - SMB","version":1},"coreMigrationVersion":"7.16.2","id":"f24d7b80-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"34762420-75f0-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"1c6567b0-75f0-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"ed215680-75ef-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"052df440-75f0-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_9","type":"search"}],"sort":[1643385898421,2862],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDg4LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:playbook AND event.dataset:alert\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"c2172038-7740-458c-977a-98d139c438c2\"},\"panelIndex\":\"c2172038-7740-458c-977a-98d139c438c2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security Onion - Alert Data\",\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":18,\"h\":8,\"i\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\"},\"panelIndex\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":8,\"i\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\"},\"panelIndex\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":26,\"h\":18,\"i\":\"1f88747a-06f5-4450-8d08-150d0cd37667\"},\"panelIndex\":\"1f88747a-06f5-4450-8d08-150d0cd37667\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":26,\"y\":8,\"w\":22,\"h\":18,\"i\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\"},\"panelIndex\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":21,\"i\":\"28431fa5-4ce9-40db-a190-541b3390f9d0\"},\"panelIndex\":\"28431fa5-4ce9-40db-a190-541b3390f9d0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"Security Onion - Playbook","version":1},"coreMigrationVersion":"7.16.2","id":"f449f0a0-c77c-11ea-bebb-37c5ab5894ea","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"search"}],"sort":[1643385898421,2869],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDg5LDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Zeek - Notice Action","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Zeek - Notice Action\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"notice.p: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"notice.action.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"7.16.2","id":"fafba910-7a84-11ea-9d13-57f5db13d1ed","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2871],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDkwLDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:notice AND event.module:zeek\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3c981b35-b930-4523-bef4-7f5193148816\"},\"panelIndex\":\"3c981b35-b930-4523-bef4-7f5193148816\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":16,\"h\":8,\"i\":\"eb1b234a-2d6b-46af-9afe-a420a389dad1\"},\"panelIndex\":\"eb1b234a-2d6b-46af-9afe-a420a389dad1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":8,\"i\":\"7d323b2f-3502-4397-93fd-b430d9011d92\"},\"panelIndex\":\"7d323b2f-3502-4397-93fd-b430d9011d92\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":19,\"h\":18,\"i\":\"298b9cf4-5e54-45f5-805c-e04b31044401\"},\"panelIndex\":\"298b9cf4-5e54-45f5-805c-e04b31044401\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":19,\"y\":8,\"w\":29,\"h\":18,\"i\":\"1fa5b7c2-2680-4dd0-9c07-a714d8d8968a\"},\"panelIndex\":\"1fa5b7c2-2680-4dd0-9c07-a714d8d8968a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":26,\"w\":11,\"h\":23,\"i\":\"9056cf20-d882-4316-ba02-91ecbd1d4df9\"},\"panelIndex\":\"9056cf20-d882-4316-ba02-91ecbd1d4df9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":11,\"y\":26,\"w\":11,\"h\":23,\"i\":\"5f855acb-fec5-4155-b2ef-0961a6d9a89c\"},\"panelIndex\":\"5f855acb-fec5-4155-b2ef-0961a6d9a89c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":26,\"w\":10,\"h\":23,\"i\":\"208bc4b2-013a-4aab-b72c-45a618077791\"},\"panelIndex\":\"208bc4b2-013a-4aab-b72c-45a618077791\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":26,\"w\":16,\"h\":23,\"i\":\"5429bbba-3d62-4a93-9932-4a2cc4369775\"},\"panelIndex\":\"5429bbba-3d62-4a93-9932-4a2cc4369775\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":20,\"i\":\"e08f3143-7e05-49ab-882f-d63e24e622bb\"},\"panelIndex\":\"e08f3143-7e05-49ab-882f-d63e24e622bb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - Zeek - Notices","version":1},"coreMigrationVersion":"7.16.2","id":"fa9ed760-7734-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"9c6ccff0-7a84-11ea-9d13-57f5db13d1ed","name":"panel_3","type":"visualization"},{"id":"c8039090-7a84-11ea-9d13-57f5db13d1ed","name":"panel_4","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"visualization"},{"id":"fafba910-7a84-11ea-9d13-57f5db13d1ed","name":"panel_8","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_9","type":"search"}],"sort":[1643385898421,2882],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDkxLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.module.keyword\",\"negate\":true,\"params\":{\"query\":\"suricata\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.module.keyword\":\"suricata\"}}}]}"},"savedSearchRefName":"search_0","title":"Security Onion - Playbook - Rules","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Playbook - Rules\"}"},"coreMigrationVersion":"7.16.2","id":"faaf66e0-c77d-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"sort":[1643385898421,2885],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDkyLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Syslog - Severity (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"syslog.severity_label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"syslog.severity_label: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"Security Onion - Syslog - Severity (Donut)\"}"},"coreMigrationVersion":"7.16.2","id":"fc8d41a0-777b-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1643385898421,2887],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDkzLDE1XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"source.ip: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"coreMigrationVersion":"7.16.2","id":"fd8b4640-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.14.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"sort":[1643385898421,2889],"type":"visualization","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDk0LDE1XQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:strelka\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":7,\"i\":\"a2e0a619-a5c5-40d9-8593-e60f13ae22bf\"},\"panelIndex\":\"a2e0a619-a5c5-40d9-8593-e60f13ae22bf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":21,\"h\":7,\"i\":\"566a9d04-f2dc-4868-9625-97a19d985703\"},\"panelIndex\":\"566a9d04-f2dc-4868-9625-97a19d985703\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":7,\"i\":\"f247ec64-c278-4e05-ac4d-983bea9dfb7d\"},\"panelIndex\":\"f247ec64-c278-4e05-ac4d-983bea9dfb7d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":7,\"w\":12,\"h\":20,\"i\":\"6e80a142-ab0e-4fd3-891c-e495b78a1625\"},\"panelIndex\":\"6e80a142-ab0e-4fd3-891c-e495b78a1625\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":12,\"y\":7,\"w\":11,\"h\":20,\"i\":\"292cc879-6bc0-4541-ba92-3b3c5f4e3368\"},\"panelIndex\":\"292cc879-6bc0-4541-ba92-3b3c5f4e3368\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":7,\"w\":14,\"h\":20,\"i\":\"66979b2c-e7c1-4291-91ac-16537b7f9ec3\"},\"panelIndex\":\"66979b2c-e7c1-4291-91ac-16537b7f9ec3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":37,\"y\":7,\"w\":11,\"h\":20,\"i\":\"8bb1cf98-0401-4a2d-9dd8-deca08205a22\"},\"panelIndex\":\"8bb1cf98-0401-4a2d-9dd8-deca08205a22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":8,\"h\":20,\"i\":\"393f3cec-3ee0-4275-b319-f307e7a260c6\"},\"panelIndex\":\"393f3cec-3ee0-4275-b319-f307e7a260c6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":15,\"h\":20,\"i\":\"0e8800a9-a6f5-4a79-8370-61713f584886\"},\"panelIndex\":\"0e8800a9-a6f5-4a79-8370-61713f584886\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":27,\"w\":25,\"h\":20,\"i\":\"be9a0a2a-d8c6-4d15-b5d7-d5599d0482a3\"},\"panelIndex\":\"be9a0a2a-d8c6-4d15-b5d7-d5599d0482a3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":27,\"i\":\"40296d2b-cb6f-423f-989c-3fdaa82d2aad\"},\"panelIndex\":\"40296d2b-cb6f-423f-989c-3fdaa82d2aad\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - Strelka","version":1},"coreMigrationVersion":"7.16.2","id":"ff689c50-75f3-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.16.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"7a88adc0-75f0-11ea-9565-7315f4ee5cac","name":"panel_3","type":"visualization"},{"id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","name":"panel_4","type":"visualization"},{"id":"70243970-772c-11ea-bee5-af7f7c7b8e05","name":"panel_5","type":"visualization"},{"id":"ce9e03f0-772c-11ea-bee5-af7f7c7b8e05","name":"panel_6","type":"visualization"},{"id":"a7ebb450-772c-11ea-bee5-af7f7c7b8e05","name":"panel_7","type":"visualization"},{"id":"08c0b770-772e-11ea-bee5-af7f7c7b8e05","name":"panel_8","type":"visualization"},{"id":"e087c7d0-772d-11ea-bee5-af7f7c7b8e05","name":"panel_9","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_10","type":"search"}],"sort":[1643385898421,2901],"type":"dashboard","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDk1LDE1XQ=="} -{"attributes":{"allowNoIndex":true,"fieldFormatMap":"{\"Ransomware.child_processes.pid\":{\"id\":\"string\"},\"Ransomware.pid\":{\"id\":\"string\"},\"Responses.@timestamp\":{\"id\":\"string\"},\"Target.process.parent.pgid\":{\"id\":\"string\"},\"Target.process.parent.pid\":{\"id\":\"string\"},\"Target.process.parent.ppid\":{\"id\":\"string\"},\"Target.process.parent.thread.id\":{\"id\":\"string\"},\"Target.process.pgid\":{\"id\":\"string\"},\"Target.process.pid\":{\"id\":\"string\"},\"Target.process.ppid\":{\"id\":\"string\"},\"Target.process.thread.id\":{\"id\":\"string\"},\"event.sequence\":{\"id\":\"string\"},\"event.severity\":{\"id\":\"string\"},\"process.parent.pgid\":{\"id\":\"string\"},\"process.parent.pid\":{\"id\":\"string\"},\"process.parent.ppid\":{\"id\":\"string\"},\"process.parent.thread.id\":{\"id\":\"string\"},\"process.pgid\":{\"id\":\"string\"},\"process.pid\":{\"id\":\"string\"},\"process.ppid\":{\"id\":\"string\"},\"process.thread.id\":{\"id\":\"string\"},\"threat.enrichments.indicator.file.elf.header.entrypoint\":{\"id\":\"string\"},\"threat.enrichments.indicator.file.elf.sections.chi2\":{\"id\":\"number\"},\"threat.enrichments.indicator.file.elf.sections.entropy\":{\"id\":\"number\"},\"threat.enrichments.indicator.file.elf.sections.physical_size\":{\"id\":\"bytes\"},\"threat.enrichments.indicator.file.elf.sections.virtual_address\":{\"id\":\"string\"},\"threat.enrichments.indicator.file.elf.sections.virtual_size\":{\"id\":\"string\"},\"threat.enrichments.indicator.url.port\":{\"id\":\"string\"},\"threat.indicator.file.elf.header.entrypoint\":{\"id\":\"string\"},\"threat.indicator.file.elf.sections.chi2\":{\"id\":\"number\"},\"threat.indicator.file.elf.sections.entropy\":{\"id\":\"number\"},\"threat.indicator.file.elf.sections.physical_size\":{\"id\":\"bytes\"},\"threat.indicator.file.elf.sections.virtual_address\":{\"id\":\"string\"},\"threat.indicator.file.elf.sections.virtual_size\":{\"id\":\"string\"},\"threat.indicator.url.port\":{\"id\":\"string\"},\"destination.bytes\":{\"id\":\"bytes\"},\"destination.port\":{\"id\":\"string\"},\"http.request.body.bytes\":{\"id\":\"bytes\"},\"http.request.bytes\":{\"id\":\"bytes\"},\"http.response.body.bytes\":{\"id\":\"bytes\"},\"http.response.bytes\":{\"id\":\"bytes\"},\"http.response.status_code\":{\"id\":\"string\"},\"network.bytes\":{\"id\":\"bytes\"},\"source.bytes\":{\"id\":\"bytes\"},\"source.port\":{\"id\":\"string\"}}","fields":"[{\"name\":\"cloud.account.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.availability_zone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.instance.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.instance.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.machine.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.project.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.image.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.image.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.labels\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.family\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.containerized\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"elastic_agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.snapshot\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.ingested\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related.hosts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.organization.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.dropped_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.home\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.api\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AuthenticationPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Binary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.BitlockerUserInputTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.BootMode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.BootType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.BuildVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CorruptionActionState\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Detail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceVersionMajor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceVersionMinor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DriveName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DriverName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DriverNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DwordVal\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.EntryCount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ExtraInfo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FailureName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FailureNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FileVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FinalStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IdleImplementation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IdleStateCount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ImpersonationLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IntegrityLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IpAddress\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IpPort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.KeyLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LastBootGood\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LastShutdownGood\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LmPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MajorVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MaximumPerformancePercent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MemberName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MemberSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MinimumPerformancePercent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MinimumThrottlePercent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MinorVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSchemeGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NominalFrequency\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSchemeGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OriginalFileName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PerformanceImplementation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PreviousTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PrivilegeList\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProcessPath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProcessPid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PuaCount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PuaPolicyId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.QfeVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SchemaVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ScriptBlockText\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ShutdownActionType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ShutdownEventCode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ShutdownReason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SignatureStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.StartTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.State\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.StopTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubjectDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubjectLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubjectUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubjectUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TSId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetInfo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetLogonGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetServerName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TerminalSessionId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TokenElevationType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TransmittedServices\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Workstation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param4\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param7\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param8\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.keywords\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.channel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.record_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.related_activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.opcode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.provider_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.provider_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.task\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.failure.reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.failure.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.failure.sub_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.computerObject.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.computerObject.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.computerObject.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessGranted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessList\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessListDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessMask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessMaskDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessRemoved\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccountDomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccountExpires\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccountName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AllowedToDelegateTo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AuditPolicyChanges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AuditPolicyChangesDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AuditSourceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CallerProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CallerProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CategoryId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ClientAddress\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ClientName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CommandLine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CrashOnAuditFailValue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DisplayName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DomainBehaviorVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DomainPolicyChanged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DomainSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Dummy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.EventSourceId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FailureReason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.GroupTypeChange\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.HandleId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.HomeDirectory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.HomePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.KerberosPolicyChange\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonHours\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MachineAccountQuota\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MandatoryLabel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MixedDomainMode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdDacl0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdDacl1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdDacl2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdSacl0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdSacl1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdSacl2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewTargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewUACList\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewUacValue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ObjectName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ObjectServer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ObjectType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OemInformation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdDacl0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdDacl1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdDacl2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdSacl0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdSacl1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdSacl2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldTargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldUacValue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PasswordLastSet\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PasswordHistoryLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ParentProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PreAuthType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PrimaryGroupId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProfilePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ResourceAttributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SamAccountName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ScriptPath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SidHistory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceAccount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceFileName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceStartType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SessionName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SidFilteringEnabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.StatusDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubCategory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubCategoryGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubcategoryGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubCategoryId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubcategoryId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TdoAttributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TdoDirection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TdoType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TicketEncryptionType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TicketEncryptionTypeDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TicketOptions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TicketOptionsDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserAccountControl\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserParameters\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserPrincipalName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserWorkstations\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.WorkstationName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.time_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.trustAttribute\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.trustDirection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.trustType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.BackupPath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.Channel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.SubjectDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.SubjectLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.SubjectUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.SubjectUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.xml_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"completed_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.comment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"started_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.action_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.completed_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.data.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.data.comment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"EndpointActions.started_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.stack_trace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"error.stack_trace.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"error.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"expiration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.expiration\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.input_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Events\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.artifacts.global\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.cross_session\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.feature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.parent_to_child\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.self_injection\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.thread_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.unique_key_v1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.feature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.data\",\"type\":\"binary\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Ransomware.child_processes.files.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.metrics\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.original.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Ransomware.feature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.data\",\"type\":\"binary\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Ransomware.files.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.metrics\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.original.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.action.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.action.field\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Responses.action.state\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Responses.process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Responses.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.result\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Target.dll.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.ancestry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.authentication_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.allocation_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.allocation_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.allocation_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.allocation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.bytes_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.bytes_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.memory_region.bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.region_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.region_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.region_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.region_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.services\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.real.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.instruction_pointer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.module_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.rva\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.symbol_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_summary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.parameter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.parameter_bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Target.process.thread.Ext.parameter_bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes_disasm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes_disasm_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dll.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.risk_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.entry_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.code_page\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors.error_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.file_extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.raw_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.raw_code_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_result\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.temp_file_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.windows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.windows.zone_identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.accessed\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.ctime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.drive_letter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.ancestry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.authentication_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.allocation_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.allocation_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.allocation_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.allocation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.bytes_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.bytes_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"process.Ext.memory_region.bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"process.Ext.memory_region.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.region_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.region_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.region_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.region_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"process.Ext.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.services\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.real.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.instruction_pointer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.module_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.rva\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.symbol_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_summary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.parameter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.parameter_bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"process.thread.Ext.parameter_bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes_disasm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes_disasm_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"registry.data.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.author\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.license\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.ruleset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.as.number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.as.organization.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.as.organization.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.confidence\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.email.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.entry_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.header_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.header_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.secondary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.monotonic_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.quarantine_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.quarantine_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.quarantine_result\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.temp_file_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.windows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.windows.zone_identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.accessed\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.ctime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.drive_letter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.byte_order\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.cpu_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.exports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.abi_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.entrypoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.object_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.os_abi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.imports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.chi2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.entropy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.physical_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.physical_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.virtual_address\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.virtual_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.segments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.segments.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.segments.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.shared_libraries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.telfhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.mtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.target_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.target_path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.target_path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.first_seen\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.last_seen\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.marking.tlp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.modified_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.data.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.data.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.hive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.scanner_stats\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.sightings\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.fragment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.original.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.scheme\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.alternative_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.organizational_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.state_or_province\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.not_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.not_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.public_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.public_key_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.public_key_exponent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"threat.enrichments.indicator.x509.public_key_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.signature_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.organizational_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.state_or_province\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.version_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.atomic\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.field\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.framework\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.group.alias\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.group.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.as.number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.as.organization.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.as.organization.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.confidence\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.email.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.entry_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.header_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.header_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.secondary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.monotonic_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.quarantine_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.quarantine_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.quarantine_result\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.temp_file_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.windows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.windows.zone_identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.accessed\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.ctime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.drive_letter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.byte_order\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.cpu_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.exports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.abi_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.entrypoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.object_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.os_abi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.imports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.chi2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.entropy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.physical_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.physical_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.virtual_address\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.virtual_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.segments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.segments.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.segments.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.shared_libraries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.telfhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.mtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.target_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.target_path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.target_path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.first_seen\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.last_seen\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.marking.tlp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.modified_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.data.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.data.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.hive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.scanner_stats\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.sightings\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.fragment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.original.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.scheme\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.alternative_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.organizational_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.state_or_province\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.not_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.not_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.public_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.public_key_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.public_key_exponent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"threat.indicator.x509.public_key_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.signature_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.organizational_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.state_or_province\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.version_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.platforms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.technique.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.subtechnique.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.subtechnique.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.subtechnique.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.technique.subtechnique.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"user.group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"event.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.Ext.correlation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.Ext.correlation.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.header_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.header_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.secondary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.monotonic_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.defense_evasions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.load_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.options\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.status\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.resolved_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.content\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.content.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"http.request.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.Ext.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.content\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.content.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"http.response.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.iana_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.transport\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"package.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.defense_evasions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.security_attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.data.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.hive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"7.16.2","id":"logs-*","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1643385898421,2902],"type":"index-pattern","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDk2LDE1XQ=="} -{"attributes":{"allowNoIndex":true,"fieldFormatMap":"{\"system.process.memory.size\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.usage.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.usage.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.usage.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.usage.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem.usage.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem.usage.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem.limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem_tcp.usage.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem_tcp.usage.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem_tcp.limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.active_anon.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.active_file.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.cache.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.hierarchical_memory_limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.hierarchical_memsw_limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.inactive_anon.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.inactive_file.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.mapped_file.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.rss.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.rss_huge.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.swap.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.unevictable.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.blkio.total.bytes\":{\"id\":\"bytes\"},\"system.core.user.pct\":{\"id\":\"percent\"},\"system.core.system.pct\":{\"id\":\"percent\"},\"system.core.nice.pct\":{\"id\":\"percent\"},\"system.core.idle.pct\":{\"id\":\"percent\"},\"system.core.iowait.pct\":{\"id\":\"percent\"},\"system.core.irq.pct\":{\"id\":\"percent\"},\"system.core.softirq.pct\":{\"id\":\"percent\"},\"system.core.steal.pct\":{\"id\":\"percent\"},\"host.disk.read.bytes\":{\"id\":\"bytes\"},\"host.disk.write.bytes\":{\"id\":\"bytes\"},\"system.diskio.read.bytes\":{\"id\":\"bytes\"},\"system.diskio.write.bytes\":{\"id\":\"bytes\"},\"system.diskio.iostat.read.per_sec.bytes\":{\"id\":\"bytes\"},\"system.diskio.iostat.write.per_sec.bytes\":{\"id\":\"bytes\"},\"system.diskio.iostat.request.avg_size\":{\"id\":\"bytes\"},\"host.cpu.pct\":{\"id\":\"percent\"},\"system.cpu.user.pct\":{\"id\":\"percent\"},\"system.cpu.system.pct\":{\"id\":\"percent\"},\"system.cpu.nice.pct\":{\"id\":\"percent\"},\"system.cpu.idle.pct\":{\"id\":\"percent\"},\"system.cpu.iowait.pct\":{\"id\":\"percent\"},\"system.cpu.irq.pct\":{\"id\":\"percent\"},\"system.cpu.softirq.pct\":{\"id\":\"percent\"},\"system.cpu.steal.pct\":{\"id\":\"percent\"},\"system.cpu.total.pct\":{\"id\":\"percent\"},\"system.cpu.user.norm.pct\":{\"id\":\"percent\"},\"system.cpu.system.norm.pct\":{\"id\":\"percent\"},\"system.cpu.nice.norm.pct\":{\"id\":\"percent\"},\"system.cpu.idle.norm.pct\":{\"id\":\"percent\"},\"system.cpu.iowait.norm.pct\":{\"id\":\"percent\"},\"system.cpu.irq.norm.pct\":{\"id\":\"percent\"},\"system.cpu.softirq.norm.pct\":{\"id\":\"percent\"},\"system.cpu.steal.norm.pct\":{\"id\":\"percent\"},\"system.cpu.total.norm.pct\":{\"id\":\"percent\"},\"system.filesystem.available\":{\"id\":\"bytes\"},\"system.filesystem.free\":{\"id\":\"bytes\"},\"system.filesystem.total\":{\"id\":\"bytes\"},\"system.filesystem.used.bytes\":{\"id\":\"bytes\"},\"system.filesystem.used.pct\":{\"id\":\"percent\"},\"process.cpu.pct\":{\"id\":\"percent\"},\"process.memory.pct\":{\"id\":\"percent\"},\"system.process.cpu.total.pct\":{\"id\":\"percent\"},\"system.process.cpu.total.norm.pct\":{\"id\":\"percent\"},\"system.process.memory.rss.bytes\":{\"id\":\"bytes\"},\"system.process.memory.rss.pct\":{\"id\":\"percent\"},\"system.process.memory.share\":{\"id\":\"bytes\"},\"system.process.cgroup.cpu.pressure.some.10.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.some.60.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.some.300.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.some.total\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.full.10.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.full.60.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.full.300.pct\":{\"id\":\"percent\"},\"system.process.cgroup.memory.mem.low.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.high.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.low.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.high.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.io.pressure.full.10.pct\":{\"id\":\"percent\"},\"system.process.cgroup.io.pressure.full.60.pct\":{\"id\":\"percent\"},\"system.process.cgroup.io.pressure.full.300.pct\":{\"id\":\"percent\"},\"system.process.cgroup.io.pressure.some.10.pct\":{\"id\":\"percent\"},\"system.process.cgroup.io.pressure.some.60.pct\":{\"id\":\"percent\"},\"system.socket.summary.tcp.memory\":{\"id\":\"bytes\"},\"system.socket.summary.udp.memory\":{\"id\":\"bytes\"},\"system.fsstat.total_size.free\":{\"id\":\"bytes\"},\"system.fsstat.total_size.used\":{\"id\":\"bytes\"},\"system.fsstat.total_size.total\":{\"id\":\"bytes\"},\"system.memory.total\":{\"id\":\"bytes\"},\"system.memory.used.bytes\":{\"id\":\"bytes\"},\"system.memory.free\":{\"id\":\"bytes\"},\"system.memory.used.pct\":{\"id\":\"percent\"},\"system.memory.actual.used.bytes\":{\"id\":\"bytes\"},\"system.memory.actual.free\":{\"id\":\"bytes\"},\"system.memory.actual.used.pct\":{\"id\":\"percent\"},\"system.memory.swap.total\":{\"id\":\"bytes\"},\"system.memory.swap.used.bytes\":{\"id\":\"bytes\"},\"system.memory.swap.free\":{\"id\":\"bytes\"},\"system.memory.swap.used.pct\":{\"id\":\"percent\"},\"system.memory.page_stats.pgscan_kswapd.pages\":{\"id\":\"number\"},\"system.memory.page_stats.pgscan_direct.pages\":{\"id\":\"number\"},\"system.memory.page_stats.pgfree.pages\":{\"id\":\"number\"},\"system.memory.page_stats.pgsteal_kswapd.pages\":{\"id\":\"number\"},\"system.memory.page_stats.pgsteal_direct.pages\":{\"id\":\"number\"},\"system.memory.page_stats.direct_efficiency.pct\":{\"id\":\"percent\"},\"system.memory.page_stats.kswapd_efficiency.pct\":{\"id\":\"percent\"},\"system.memory.hugepages.total\":{\"id\":\"number\"},\"system.memory.hugepages.used.bytes\":{\"id\":\"bytes\"},\"system.memory.hugepages.used.pct\":{\"id\":\"percent\"},\"system.memory.hugepages.free\":{\"id\":\"number\"},\"system.memory.hugepages.reserved\":{\"id\":\"number\"},\"system.memory.hugepages.surplus\":{\"id\":\"number\"},\"system.memory.hugepages.default_size\":{\"id\":\"bytes\"},\"host.network.in.bytes\":{\"id\":\"bytes\"},\"host.network.out.bytes\":{\"id\":\"bytes\"},\"system.network.out.bytes\":{\"id\":\"bytes\"},\"system.network.in.bytes\":{\"id\":\"bytes\"},\"system.uptime.duration.ms\":{\"id\":\"duration\"},\"event.sequence\":{\"id\":\"string\"},\"event.severity\":{\"id\":\"string\"}}","fields":"[{\"name\":\"cloud.account.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.availability_zone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.instance.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.instance.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.machine.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.project.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.image.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.image.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.labels\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.family\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.containerized\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.acked\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.active\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.batches\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.dropped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.duplicates\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.failed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.toomany\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.write.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.write.errors\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.snapshot\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.user.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.value\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.system.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.time.ms\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.user.time.ms\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.system.time.ms\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.memory.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.fd.open\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.fd.limit.soft\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.fd.limit.hard\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.cfs.period.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.cfs.quota.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.cfs.shares\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.rt.period.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.rt.runtime.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.periods\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.throttled.periods\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.throttled.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.total.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.user.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.system.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.percpu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.usage.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.failures\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.usage.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.failures\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem.usage.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem.failures\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem_tcp.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem_tcp.usage.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem_tcp.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem_tcp.failures\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.active_anon.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.active_file.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.cache.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.hierarchical_memory_limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.hierarchical_memsw_limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.inactive_anon.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.inactive_file.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.mapped_file.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.page_faults\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.major_page_faults\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.pages_in\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.pages_out\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.rss.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.rss_huge.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.swap.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.unevictable.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.blkio.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.blkio.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.blkio.total.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.blkio.total.ios\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.cpu.cores\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.15\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.norm.1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.norm.15\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.norm.5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.system.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.system.time.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.total.value\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.total.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.total.time.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.user.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.user.time.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.info.ephemeral_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.info.uptime.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.cfs.period.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.cfs.quota.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.stats.periods\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.stats.throttled.periods\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.stats.throttled.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpuacct.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpuacct.total.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.memory.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.memory.mem.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.memory.mem.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.memstats.gc_next\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.memstats.memory.alloc\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.memstats.memory.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.memstats.rss\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.handles.open\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.handles.limit.hard\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.handles.limit.soft\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.uptime.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.runtime.goroutines\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.clients\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.queue.acked\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.active\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.dropped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.failed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.filtered\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.published\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.retry\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.config.running\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.config.starts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.config.stops\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.read.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.read.errors\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.cpu.usage\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.disk.read.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.disk.write.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.egress.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.egress.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.ingress.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.ingress.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.user.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.user.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.system.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.system.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.nice.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.nice.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.idle.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.idle.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.iowait.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.iowait.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.irq.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.irq.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.softirq.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.softirq.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.steal.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.steal.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.read.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.write.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.read.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.write.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.read.time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.write.time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.io.time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.read.request.merges_per_sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.write.request.merges_per_sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.read.request.per_sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.write.request.per_sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.read.per_sec.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.read.await\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.write.per_sec.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.write.await\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.request.avg_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.queue.avg_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.await\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.service_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.busy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.cpu.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.cores\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.user.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.system.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.nice.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.idle.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.iowait.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.irq.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.softirq.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.steal.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.total.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.user.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.system.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.nice.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.idle.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.iowait.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.irq.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.softirq.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.steal.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.total.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.user.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.system.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.nice.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.idle.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.iowait.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.irq.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.softirq.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.steal.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.available\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.device_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.mount_point\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.files\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.free_files\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.cpu.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.cpu.start_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.memory.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.digest_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.byte_order\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.cpu_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.exports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.abi_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.entrypoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.object_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.os_abi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.imports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.chi2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.entropy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.physical_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.physical_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.virtual_address\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.virtual_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.segments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.segments.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.segments.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.shared_libraries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.telfhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.digest_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.byte_order\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.cpu_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.exports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.abi_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.entrypoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.object_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.os_abi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.imports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.chi2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.entropy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.physical_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.physical_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.virtual_address\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.virtual_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.segments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.segments.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.segments.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.shared_libraries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.telfhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cmdline\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.env\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.start_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.memory.rss.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.memory.rss.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.memory.share\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cgroups_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.usage.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.usage.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.usage.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.user.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.user.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.user.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.system.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.system.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.system.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.throttled.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.some.10.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.some.60.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.some.300.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.some.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.full.10.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.full.60.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.full.300.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.full.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.total.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.total.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.user.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.user.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.system.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.system.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.low.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.high.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.low\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.high\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.max\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.oom\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.oom_kill\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.fail\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.low.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.high.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.low\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.high\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.max\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.oom\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.oom_kill\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.fail\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.*\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.*.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.stats.*\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.stats.*.*\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.stats.*.*.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.stats.*.*.ios\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.full.10.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.full.60.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.full.300.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.full.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.some.10.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.some.60.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.some.300.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.some.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.organization.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.nat.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.nat.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.all.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.all.listening\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.memory\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.orphan\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.listening\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.established\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.close_wait\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.time_wait\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.syn_sent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.syn_recv\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.fin_wait1\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.fin_wait2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.last_ack\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.closing\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.udp.memory\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.udp.all.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.total_files\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.total_size.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.total_size.used\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.total_size.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.actual.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.actual.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.actual.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.out.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.in.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.readahead.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.readahead.cached\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgscan_kswapd.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgscan_direct.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgfree.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgsteal_kswapd.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgsteal_direct.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.direct_efficiency.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.kswapd_efficiency.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.reserved\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.surplus\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.default_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.swap.out.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.swap.out.fallback\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.running\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.idle\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.sleeping\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.stopped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.zombie\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.dead\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.unknown\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.in.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.in.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.out.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.out.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.out.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.in.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.out.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.in.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.in.errors\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.out.errors\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.in.dropped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.out.dropped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.uptime.duration.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.1\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.5\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.15\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.norm.1\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.norm.5\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.norm.15\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.cores\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.capabilities\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Endpoint.configuration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.configuration.isolation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.state.isolation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.ingested\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.histogram\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.latest\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.mean\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.metrics.disks.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.endpoint_drive\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.fstype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.mount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.file_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.file_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.file_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.file_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.library_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.library_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.library_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.library_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.network_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.network_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.network_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.network_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.overall.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.overall.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.overall.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.overall.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.process_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.process_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.process_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.process_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.registry_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.registry_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.registry_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.registry_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private.latest\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private.mean\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.system_impact\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.metrics.threads\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.metrics.uptime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.uptime.endpoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.uptime.system\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.artifacts.global\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.endpoint_policy_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.response.configurations\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.response.configurations.antivirus_registration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.response.configurations.antivirus_registration.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.antivirus_registration.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.behavior_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.behavior_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.events\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.events.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.events.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.host_isolation.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.host_isolation.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.logging\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.logging.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.logging.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.malware\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.malware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.malware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.memory_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.memory_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.memory_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.ransomware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.ransomware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.streaming\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.streaming.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.streaming.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.response.diagnostic.behavior_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.behavior_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.credential_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.credential_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.malware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.malware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.memory_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.memory_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.memory_scan.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.memory_scan.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.ransomware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.ransomware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.build.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","timeFieldName":"@timestamp","title":"metrics-*"},"coreMigrationVersion":"7.16.2","id":"metrics-*","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1643385898421,2830],"type":"index-pattern","updated_at":"2022-01-28T16:04:58.421Z","version":"WzE0NDc2LDE1XQ=="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":823,"missingRefCount":1,"missingReferences":[{"id":"0b963f20-6f9c-11ec-864c-8b5450f97635","type":"tag"}]} +{"attributes": {"fieldFormatMap": "{\"match_body.source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"match_body.destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}}}", "fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_username_override\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_username_override.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_info.slack_webhook_url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_webhook_url.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_info.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_sent\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exponent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hits\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.signature_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._index.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.location.lat\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.location.lon\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.num_hits\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.num_matches\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_ipbytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.original_ipbytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_ipbytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.respond_ipbytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.source.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-sourceip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-sourceip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matches\",\"type\":\"number\",\"count\":3,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_name\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"starttime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"time_taken\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traceback\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traceback.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"until\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]", "notExpandable": true, "timeFieldName": "@timestamp", "title": "*:elastalert_status*"}, "coreMigrationVersion": "7.16.2", "id": "*:elastalert_status*", "migrationVersion": {"index-pattern": "7.11.0"}, "references": [], "sort": [1643385898421, 9], "type": "index-pattern", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjY0LDE1XQ=="} +{"attributes": {"fieldFormatMap": "{\"_id\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/#/hunt?q=_id%3A{{value}}\",\"labelTemplate\":\"Hunt and optionally pivot to PCAP/Cases\"}},\"uid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"fuid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"resp_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"orig_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"sid\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"port\":{\"id\":\"number\",\"params\":{\"pattern\":\"0.[000]\"}},\"query\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"query.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"signature_info\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"{{rawValue}}\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"duration\":{\"id\":\"duration\",\"params\":{\"outputFormat\":\"asSeconds\",\"outputPrecision\":6}},\"missed_bytes\":{\"id\":\"bytes\"},\"missing_bytes\":{\"id\":\"bytes\"},\"original_bytes\":{\"id\":\"bytes\"},\"original_ip_bytes\":{\"id\":\"bytes\"},\"overflow_bytes\":{\"id\":\"bytes\"},\"respond_bytes\":{\"id\":\"bytes\"},\"respond_ip_bytes\":{\"id\":\"bytes\"},\"seen_bytes\":{\"id\":\"bytes\"},\"total_bytes\":{\"id\":\"bytes\"},\"rtt\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0000000]\"}},\"uids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/dashboards#/view/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"osquery.LiveQuery\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"LiveQuery\"}},\"TheHive\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"\",\"labelTemplate\":\"Add2Hive\"}}}", "fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ack\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ack.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"analyzer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"analyzer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"answers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"answers.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_attempts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints.path_len\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_path_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat_host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat_host.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bound_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"call_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"call_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_exponent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_exponent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_number_days_valid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_permanent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_permanent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_signing_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_signing_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"checksum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"checksum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_digital_product_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_digital_product_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_fqdn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_fqdn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"community.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"company.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compile_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compile_ts.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compression_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compression_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connect_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connect_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"current_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"current_directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.arch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.arch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.dpkg_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.dpkg_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.file.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_cores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_cores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_mhz\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_mhz.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_free\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_free.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_total\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_total.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_usage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_usage.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.broadcast\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.broadcast.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.gateway\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.gateway.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.metric\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.metric.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mtu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mtu.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.platform.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.sysname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.sysname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.package\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.package.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.rx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.rx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.tx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.tx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.args.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.cmd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.egroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.egroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.euser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.euser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.fgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.fgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nlwp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nlwp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pgrp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pgrp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ppid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.processor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.processor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.resident\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.resident.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.rgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.rgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ruser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ruser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.session.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.sgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.sgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.share\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.share.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.start_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.start_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.stime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.stime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.suser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.suser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.utime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.utime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.vm_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.vm_size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.format\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.format.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.multiarch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.multiarch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.section\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.section.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.vendor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.vendor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.pwd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.title.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_passive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_channel_passive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.ftscomment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.ftscomment.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.parent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.parent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"desktop_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_is_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_is_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_city.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_latitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_latitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_longitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_region.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"details.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dir\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dir.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"enabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"enabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"endpoint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry_location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"escalated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"escalated_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"established\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"established.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exception\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"exception.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted_cutoff\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted_cutoff.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"first_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"first_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"flow_label.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"forwardable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"forwardable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"framed_addr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"framed_addr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"freq_virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"freq_virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"frequency_scores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frequency_scores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"full_log\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"full_log.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"function.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_bulk_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_bulk_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_responses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_responses.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_cert_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_cert_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_debug_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_debug_data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_export_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_export_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_import_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_import_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"helo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"highest_registered_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hop_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hop_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"iin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"iin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"info_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"initiated.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"integrity_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"integrity_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ecn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_ecn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_tos\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_tos.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_64bit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_64bit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_source_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_source_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_webmail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_webmail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_distinguished_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3s\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3s.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kex_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kex_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyboard_layout\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyboard_layout.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"launch_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"launch_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lease_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lease_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logged.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"machine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"machine.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"manager.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matched\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"matched.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mimetype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mimetype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missing_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"n\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"named_pipe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"named_pipe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"native_file_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"native_file_system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"next_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"next_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nick\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nick.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"note\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"note.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"num_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"object_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"options\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"options.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.LiveQuery\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.LiveQuery.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.calendarTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.calendarTime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.shell.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.counter\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.epoch\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hardware_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hardware_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostIdentifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostIdentifier.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.unixTime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_agent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_agent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"overflow_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"p\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prev_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prev_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_guid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"profile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"profile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"program.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prospector.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prospector.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxied.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_class_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_type_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ra\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ra.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rcode_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipient_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"recipient_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rejected\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rejected.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_location.country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_color_depth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_color_depth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_resource\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_resource.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resumed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resumed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rows.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_signature.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"san_dns\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"san_dns.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"second_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"second_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"section_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"section_names.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"security_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"security_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_node.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_where\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_where.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sequence_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_dns_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_dns_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_major_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_minor_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_nb_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_nb_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_tree_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_tree_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"set_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"set_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_flag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_flag.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"signer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"site.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sources.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_rule_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_rule_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subsystem\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subsystem.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"suppress_for\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.event.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.inode_after\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.perm_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.perm_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-sourceip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sysmon_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sysmon_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"target_filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tcp_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"terminal_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"terminal_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timed_out\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timed_out.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_accessed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_accessed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_changed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_changed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_created.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_modified.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tld.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tld.subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"top_level_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tracker_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tracker_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"trans_depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"transaction_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"up_since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"up_since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"urg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"urg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"useragent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_aslr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_aslr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_code_integrity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_code_integrity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_dep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_dep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_seh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_seh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_till\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_till.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"validation_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"validation_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"warning.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.firedtimes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gdpr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gdpr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gpg13\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gpg13.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.groups\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.groups.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.mail\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.pci_dss\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.pci_dss.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"width.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"window\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"window.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x_originating_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"year\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"z\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"z.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"TheHive\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"'soctopus/thehive/case/' + doc['_id'].value\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]", "notExpandable": true, "timeFieldName": "@timestamp", "title": "*:logstash-*"}, "coreMigrationVersion": "7.16.2", "id": "*:logstash-*", "migrationVersion": {"index-pattern": "7.11.0"}, "references": [], "sort": [1643385898421, 10], "type": "index-pattern", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjY1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"}, "title": "Security Onion - Network Data", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Network Data\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Datasets** \\n[Connections](/kibana/app/dashboards#/view/0cc628b0-6e9f-11ea-9266-1fd14ca6af34) | [DCE/RPC](/kibana/app/dashboards#/view/9e882df0-72c5-11ea-8dd2-9d8795a1200b) |\\n[DHCP](/kibana/app/dashboards#/view/80625c10-96dd-11ea-814e-bb515e873c2c) \\n[DNP3](/kibana/app/dashboards#/view/b1f52180-755a-11ea-9565-7315f4ee5cac) | [DNS](/kibana/app/dashboards#/view/55ac6bf0-6ec4-11ea-9266-1fd14ca6af34) |\\n[FTP](/kibana/app/dashboards#/view/739bfad0-755a-11ea-9565-7315f4ee5cac) |\\n[HTTP](/kibana/app/dashboards#/view/44e9c820-6eb1-11ea-9266-1fd14ca6af34) | [Intel](/kibana/app/dashboards#/view/85b529a0-0e5a-11eb-a255-e1e8e85e3571) | [IRC](/kibana/app/dashboards#/view/38523560-75ba-11ea-9565-7315f4ee5cac) |\\n[Kerberos](/kibana/app/dashboards#/view/b207ab90-75bc-11ea-9565-7315f4ee5cac) \\n[Modbus](/kibana/app/dashboards#/view/886a7b90-75bd-11ea-9565-7315f4ee5cac) | \\n[MySQL](/kibana/app/dashboards#/view/c3ced6d0-75be-11ea-9565-7315f4ee5cac) | \\n[NTLM](/kibana/app/dashboards#/view/558292e0-75c1-11ea-9565-7315f4ee5cac) | \\n[PE](/kibana/app/dashboards#/view/94b55b90-c761-11ea-bebb-37c5ab5894ea) |\\n[RADIUS](/kibana/app/dashboards#/view/b9769e60-75c4-11ea-9565-7315f4ee5cac) | [RDP](/kibana/app/dashboards#/view/5b743150-75c5-11ea-9565-7315f4ee5cac) | \\n[RFB](/kibana/app/dashboards#/view/c8b3c360-75c6-11ea-9565-7315f4ee5cac) | [SIP](/kibana/app/dashboards#/view/dd98e260-75c6-11ea-9565-7315f4ee5cac) \\n[SMB](/kibana/app/dashboards#/view/f24d7b80-75c6-11ea-9565-7315f4ee5cac) | [SMTP](/kibana/app/dashboards#/view/00304500-75e7-11ea-9565-7315f4ee5cac) | [SNMP](/kibana/app/dashboards#/view/96522610-75e8-11ea-9565-7315f4ee5cac) | \\n[SSH](/kibana/app/dashboards#/view/9dfd77e0-75eb-11ea-9565-7315f4ee5cac) | [SSL](/kibana/app/dashboards#/view/efae8de0-75eb-11ea-9565-7315f4ee5cac) | [Syslog](/kibana/app/dashboards#/view/66499a20-75ed-11ea-9565-7315f4ee5cac) | [Tunnels](/kibana/app/dashboards#/view/c962dd60-75ed-11ea-9565-7315f4ee5cac) | [X.509](/kibana/app/dashboards#/view/2e0865f0-75ee-11ea-9565-7315f4ee5cac) \\n\"}}"}, "coreMigrationVersion": "7.16.2", "id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [], "sort": [1643385898421, 11], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjY2LDE1XQ=="} +{"attributes": {"fieldFormatMap": "{\"network.community_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:network.community_id,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(network.community_id:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip:'{{ value }}')),(term:(destination.ip:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip:'{{ value }}')),(term:(destination.ip:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.fuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.fuid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/#/hunt?q=_id%3A{{value}}\",\"labelTemplate\":\"Hunt and optionally pivot to PCAP/Cases\"}},\"client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"server.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"event.dataset\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.dataset.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"osquery.result.live_query\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"osquery.result.live_query.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"connection.state_description\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.state_description,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(connection.state_description:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.state_description.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.state_description,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(connection.state_description:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.category.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.category,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.category:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.category\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.category,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.category:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.uuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.uuid,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.uuid:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.history\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.history,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(connection.history:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.history.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.history,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(connection.history:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.message_types\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.message_types,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dhcp.message_types:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.message_types.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.message_types,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dhcp.message_types:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.requested_address\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.requested_address,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.requested_address:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.requested_address.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.requested_address,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.requested_address:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.assigned_ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.assigned_ip,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.assigned_ip:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.assigned_ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.assigned_ip,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.assigned_ip:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.mac\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:host.mac,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(host.mac:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.mac.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:host.mac,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(host.mac:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.lease_time\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.lease_time,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.lease_time:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.query.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.query.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.query.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.query.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.query.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.query.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.answers.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.answers.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.answers.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.answers.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.answers.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.answers.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.response.code_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.response.code_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dns.response.code_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.response.code_name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.response.code_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dns.response.code_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.mime_type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.mime_type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.mime_type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.mime_type.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.mime_type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.mime_type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.argument\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.argument,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ftp.argument:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.argument.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.argument,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ftp.argument:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.user\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.user,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.user:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.user.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.user,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.user:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.password\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.password,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.password:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.password.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.password,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.password:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.useragent\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.useragent,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(http.useragent:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.useragent.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.useragent,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(http.useragent:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.method\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.method,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.method:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.method.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.method,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.method:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.virtual_host\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.virtual_host,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.virtual_host:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.virtual_host,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.virtual_host:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.uri.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.uri.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.uri.keyword:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.uri\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.uri.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.uri.keyword:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.note.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.note,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.note:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.message.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.message,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.message:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.note\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.note,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.note:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.message\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.message,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.message:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.server_name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.server_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ssl.server_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.server_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.server_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ssl.server_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.subject\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.subject.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.subject,negate:!f,params:(query:'O%3DDefault%20Company%20Ltd,L%3DDefault%20City,C%3DXX'),type:phrase),query:(match_phrase:(ssl.certificate.subject:'O%3DDefault%20Company%20Ltd,L%3DDefault%20City,C%3DXX')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.issuer\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.issuer.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.facility_label\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.facility_label,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.facility_label:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.facility_label\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.facility_label,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.facility_label:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.severity_label\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.severity_label,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.severity_label:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.severity_label\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.severity_label,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.severity_label:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.subject\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.subject.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.issuer\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.issuer.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.san_dns\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.san_dns,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.san_dns:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.san_dns.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.san_dns,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.san_dns:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.key.type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.key.type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(x509.certificate.key.type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:edit)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.key.type.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.key.type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(x509.certificate.key.type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:edit)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}}}", "fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.ephemeral_id\"}}},{\"name\":\"agent.ephemeral_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.ephemeral_id\"}}},{\"name\":\"agent.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.hostname\"}}},{\"name\":\"agent.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.hostname\"}}},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.id\"}}},{\"name\":\"agent.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.id\"}}},{\"name\":\"agent.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.name\"}}},{\"name\":\"agent.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.name\"}}},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.type\"}}},{\"name\":\"agent.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.type\"}}},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.version\"}}},{\"name\":\"agent.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"agent.version\"}}},{\"name\":\"client.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.address\"}}},{\"name\":\"client.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.address\"}}},{\"name\":\"client.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.id.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.id.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.id.product\"}}},{\"name\":\"client.id.product.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.id.product\"}}},{\"name\":\"client.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.name\"}}},{\"name\":\"client.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.name\"}}},{\"name\":\"client.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.port\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.user_agent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.user_agent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.user_agent\"}}},{\"name\":\"client.user_agent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"client.user_agent\"}}},{\"name\":\"connection.bytes.missed\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.history\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.history.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.history\"}}},{\"name\":\"connection.history.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"connection.history\"}}},{\"name\":\"connection.local.originator\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.local.responder\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state\"}}},{\"name\":\"connection.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"connection.state\"}}},{\"name\":\"connection.state_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state_description\"}}},{\"name\":\"connection.state_description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"connection.state_description\"}}},{\"name\":\"data.euid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.euid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.euid\"}}},{\"name\":\"data.euid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.euid\"}}},{\"name\":\"data.file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.file\"}}},{\"name\":\"data.file.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.file\"}}},{\"name\":\"data.hardware.cpu_cores\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_cores.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_cores\"}}},{\"name\":\"data.hardware.cpu_cores.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_cores\"}}},{\"name\":\"data.hardware.cpu_mhz\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_mhz.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_mhz\"}}},{\"name\":\"data.hardware.cpu_mhz.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_mhz\"}}},{\"name\":\"data.hardware.cpu_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_name\"}}},{\"name\":\"data.hardware.cpu_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.cpu_name\"}}},{\"name\":\"data.hardware.ram_free\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_free.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_free\"}}},{\"name\":\"data.hardware.ram_free.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_free\"}}},{\"name\":\"data.hardware.ram_total\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_total.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_total\"}}},{\"name\":\"data.hardware.ram_total.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_total\"}}},{\"name\":\"data.hardware.ram_usage\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_usage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_usage\"}}},{\"name\":\"data.hardware.ram_usage.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.ram_usage\"}}},{\"name\":\"data.hardware.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hardware.serial\"}}},{\"name\":\"data.hardware.serial.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hardware.serial\"}}},{\"name\":\"data.hotfix\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hotfix.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.hotfix\"}}},{\"name\":\"data.hotfix.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.hotfix\"}}},{\"name\":\"data.logname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.logname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.logname\"}}},{\"name\":\"data.logname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.logname\"}}},{\"name\":\"data.netinfo.iface.adapter\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.adapter.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.adapter\"}}},{\"name\":\"data.netinfo.iface.adapter.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.adapter\"}}},{\"name\":\"data.netinfo.iface.ipv4.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.address\"}}},{\"name\":\"data.netinfo.iface.ipv4.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.address\"}}},{\"name\":\"data.netinfo.iface.ipv4.broadcast\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.broadcast.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.broadcast\"}}},{\"name\":\"data.netinfo.iface.ipv4.broadcast.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.broadcast\"}}},{\"name\":\"data.netinfo.iface.ipv4.dhcp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.dhcp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv4.dhcp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv4.gateway\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.gateway.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv4.gateway.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv4.metric\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.metric.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.metric\"}}},{\"name\":\"data.netinfo.iface.ipv4.metric.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.metric\"}}},{\"name\":\"data.netinfo.iface.ipv4.netmask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.netmask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.netmask\"}}},{\"name\":\"data.netinfo.iface.ipv4.netmask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv4.netmask\"}}},{\"name\":\"data.netinfo.iface.ipv6.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.address\"}}},{\"name\":\"data.netinfo.iface.ipv6.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.address\"}}},{\"name\":\"data.netinfo.iface.ipv6.dhcp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.dhcp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv6.dhcp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.dhcp\"}}},{\"name\":\"data.netinfo.iface.ipv6.gateway\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.gateway.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv6.gateway.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.gateway\"}}},{\"name\":\"data.netinfo.iface.ipv6.metric\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.metric.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.metric\"}}},{\"name\":\"data.netinfo.iface.ipv6.metric.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.metric\"}}},{\"name\":\"data.netinfo.iface.ipv6.netmask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.netmask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.netmask\"}}},{\"name\":\"data.netinfo.iface.ipv6.netmask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.ipv6.netmask\"}}},{\"name\":\"data.netinfo.iface.mac\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mac.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mac\"}}},{\"name\":\"data.netinfo.iface.mac.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mac\"}}},{\"name\":\"data.netinfo.iface.mtu\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mtu.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mtu\"}}},{\"name\":\"data.netinfo.iface.mtu.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.mtu\"}}},{\"name\":\"data.netinfo.iface.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.name\"}}},{\"name\":\"data.netinfo.iface.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.name\"}}},{\"name\":\"data.netinfo.iface.rx_bytes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_bytes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_bytes\"}}},{\"name\":\"data.netinfo.iface.rx_bytes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_bytes\"}}},{\"name\":\"data.netinfo.iface.rx_dropped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_dropped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_dropped\"}}},{\"name\":\"data.netinfo.iface.rx_dropped.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_dropped\"}}},{\"name\":\"data.netinfo.iface.rx_errors\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_errors.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_errors\"}}},{\"name\":\"data.netinfo.iface.rx_errors.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_errors\"}}},{\"name\":\"data.netinfo.iface.rx_packets\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_packets.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_packets\"}}},{\"name\":\"data.netinfo.iface.rx_packets.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.rx_packets\"}}},{\"name\":\"data.netinfo.iface.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.state\"}}},{\"name\":\"data.netinfo.iface.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.state\"}}},{\"name\":\"data.netinfo.iface.tx_bytes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_bytes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_bytes\"}}},{\"name\":\"data.netinfo.iface.tx_bytes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_bytes\"}}},{\"name\":\"data.netinfo.iface.tx_dropped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_dropped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_dropped\"}}},{\"name\":\"data.netinfo.iface.tx_dropped.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_dropped\"}}},{\"name\":\"data.netinfo.iface.tx_errors\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_errors.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_errors\"}}},{\"name\":\"data.netinfo.iface.tx_errors.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_errors\"}}},{\"name\":\"data.netinfo.iface.tx_packets\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_packets.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_packets\"}}},{\"name\":\"data.netinfo.iface.tx_packets.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.tx_packets\"}}},{\"name\":\"data.netinfo.iface.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.type\"}}},{\"name\":\"data.netinfo.iface.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.netinfo.iface.type\"}}},{\"name\":\"data.os.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.architecture\"}}},{\"name\":\"data.os.architecture.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.architecture\"}}},{\"name\":\"data.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.build\"}}},{\"name\":\"data.os.build.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.build\"}}},{\"name\":\"data.os.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.hostname\"}}},{\"name\":\"data.os.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.hostname\"}}},{\"name\":\"data.os.major\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.major.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.major\"}}},{\"name\":\"data.os.major.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.major\"}}},{\"name\":\"data.os.minor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.minor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.minor\"}}},{\"name\":\"data.os.minor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.minor\"}}},{\"name\":\"data.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.name\"}}},{\"name\":\"data.os.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.name\"}}},{\"name\":\"data.os.os_release\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.os_release.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.os_release\"}}},{\"name\":\"data.os.os_release.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.os_release\"}}},{\"name\":\"data.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.platform\"}}},{\"name\":\"data.os.platform.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.platform\"}}},{\"name\":\"data.os.release\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.release\"}}},{\"name\":\"data.os.release.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.release\"}}},{\"name\":\"data.os.release_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.release_version\"}}},{\"name\":\"data.os.release_version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.release_version\"}}},{\"name\":\"data.os.sysname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.sysname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.sysname\"}}},{\"name\":\"data.os.sysname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.sysname\"}}},{\"name\":\"data.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.os.version\"}}},{\"name\":\"data.os.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.os.version\"}}},{\"name\":\"data.port.inode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.inode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.inode\"}}},{\"name\":\"data.port.inode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.inode\"}}},{\"name\":\"data.port.local_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.local_ip\"}}},{\"name\":\"data.port.local_ip.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.local_ip\"}}},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.local_port\"}}},{\"name\":\"data.port.local_port.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.local_port\"}}},{\"name\":\"data.port.pid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.pid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.pid\"}}},{\"name\":\"data.port.pid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.pid\"}}},{\"name\":\"data.port.process\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.process.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.process\"}}},{\"name\":\"data.port.process.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.process\"}}},{\"name\":\"data.port.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.protocol\"}}},{\"name\":\"data.port.protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.protocol\"}}},{\"name\":\"data.port.remote_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_ip\"}}},{\"name\":\"data.port.remote_ip.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_ip\"}}},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_port\"}}},{\"name\":\"data.port.remote_port.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.remote_port\"}}},{\"name\":\"data.port.rx_queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.rx_queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.rx_queue\"}}},{\"name\":\"data.port.rx_queue.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.rx_queue\"}}},{\"name\":\"data.port.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.state\"}}},{\"name\":\"data.port.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.state\"}}},{\"name\":\"data.port.tx_queue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.tx_queue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.port.tx_queue\"}}},{\"name\":\"data.port.tx_queue.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.port.tx_queue\"}}},{\"name\":\"data.pwd\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.pwd.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.pwd\"}}},{\"name\":\"data.pwd.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.pwd\"}}},{\"name\":\"data.srcuser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.srcuser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.srcuser\"}}},{\"name\":\"data.srcuser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.srcuser\"}}},{\"name\":\"data.title\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.title.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.title\"}}},{\"name\":\"data.title.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.title\"}}},{\"name\":\"data.tty\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.tty\"}}},{\"name\":\"data.tty.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.tty\"}}},{\"name\":\"data.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.type\"}}},{\"name\":\"data.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.type\"}}},{\"name\":\"data.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.uid\"}}},{\"name\":\"data.uid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"data.uid\"}}},{\"name\":\"dce_rpc.endpoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.endpoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.endpoint\"}}},{\"name\":\"dce_rpc.endpoint.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.endpoint\"}}},{\"name\":\"dce_rpc.named_pipe\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.named_pipe.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.named_pipe\"}}},{\"name\":\"dce_rpc.named_pipe.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.named_pipe\"}}},{\"name\":\"dce_rpc.operation\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.operation.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.operation\"}}},{\"name\":\"dce_rpc.operation.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.operation\"}}},{\"name\":\"destination.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.city_name\"}}},{\"name\":\"destination.geo.city_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.city_name\"}}},{\"name\":\"destination.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.continent_name\"}}},{\"name\":\"destination.geo.continent_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.continent_name\"}}},{\"name\":\"destination.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_iso_code\"}}},{\"name\":\"destination.geo.country_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_iso_code\"}}},{\"name\":\"destination.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_name\"}}},{\"name\":\"destination.geo.country_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_name\"}}},{\"name\":\"destination.geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_iso_code\"}}},{\"name\":\"destination.geo.region_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_iso_code\"}}},{\"name\":\"destination.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_name\"}}},{\"name\":\"destination.geo.region_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_name\"}}},{\"name\":\"destination.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.timezone\"}}},{\"name\":\"destination.geo.timezone.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"destination.geo.timezone\"}}},{\"name\":\"destination.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.assigned_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.assigned_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.assigned_ip\"}}},{\"name\":\"dhcp.assigned_ip.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dhcp.assigned_ip\"}}},{\"name\":\"dhcp.lease_time\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.message_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.message_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.message_types\"}}},{\"name\":\"dhcp.message_types.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dhcp.message_types\"}}},{\"name\":\"dhcp.requested_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.requested_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.requested_address\"}}},{\"name\":\"dhcp.requested_address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dhcp.requested_address\"}}},{\"name\":\"dnp3.fc_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_reply\"}}},{\"name\":\"dnp3.fc_reply.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_reply\"}}},{\"name\":\"dnp3.fc_request\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_request.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_request\"}}},{\"name\":\"dnp3.fc_request.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_request\"}}},{\"name\":\"dnp3.iin\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.answers.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.answers.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.answers.name\"}}},{\"name\":\"dns.answers.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.answers.name\"}}},{\"name\":\"dns.authoritative\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.highest_registered_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.highest_registered_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.highest_registered_domain\"}}},{\"name\":\"dns.highest_registered_domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.highest_registered_domain\"}}},{\"name\":\"dns.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.parent_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.parent_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.parent_domain\"}}},{\"name\":\"dns.parent_domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.parent_domain\"}}},{\"name\":\"dns.parent_domain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.class_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.class_name\"}}},{\"name\":\"dns.query.class_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.query.class_name\"}}},{\"name\":\"dns.query.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.name\"}}},{\"name\":\"dns.query.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.query.name\"}}},{\"name\":\"dns.query.rejected\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.type_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.type_name\"}}},{\"name\":\"dns.query.type_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.query.type_name\"}}},{\"name\":\"dns.recursion.available\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.recursion.desired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.reserved\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.response.code_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.response.code_name\"}}},{\"name\":\"dns.response.code_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.response.code_name\"}}},{\"name\":\"dns.subdomain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.subdomain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.subdomain\"}}},{\"name\":\"dns.subdomain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.subdomain\"}}},{\"name\":\"dns.subdomain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.top_level_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.top_level_domain\"}}},{\"name\":\"dns.top_level_domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"dns.top_level_domain\"}}},{\"name\":\"dns.truncated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.ttls\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ecs.version\"}}},{\"name\":\"ecs.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ecs.version\"}}},{\"name\":\"error.reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.reason\"}}},{\"name\":\"error.reason.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"error.reason\"}}},{\"name\":\"event.acknowledged\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"name\":\"event.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"name\":\"event.category.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"name\":\"event.code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.code\"}}},{\"name\":\"event.code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.code\"}}},{\"name\":\"event.created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.created\"}}},{\"name\":\"event.created.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.created\"}}},{\"name\":\"event.dataset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.dataset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.dataset\"}}},{\"name\":\"event.dataset.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.dataset\"}}},{\"name\":\"event.duration\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.escalated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.kind.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"name\":\"event.kind.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"name\":\"event.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"name\":\"event.module.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"name\":\"event.provider\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.provider.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.provider\"}}},{\"name\":\"event.provider.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.provider\"}}},{\"name\":\"event.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.severity_label.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.severity_label\"}}},{\"name\":\"event.severity_label.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.severity_label\"}}},{\"name\":\"event.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.timestamp\"}}},{\"name\":\"event.timestamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"event.timestamp\"}}},{\"name\":\"file.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.action\"}}},{\"name\":\"file.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.action\"}}},{\"name\":\"file.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.analyzer\"}}},{\"name\":\"file.analyzer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.analyzer\"}}},{\"name\":\"file.aslr\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.missing\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.overflow\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.seen\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_integrity\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.compile_timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.compile_timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.compile_timestamp\"}}},{\"name\":\"file.compile_timestamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.compile_timestamp\"}}},{\"name\":\"file.debug_data\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.dep\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.description\"}}},{\"name\":\"file.description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.description\"}}},{\"name\":\"file.extracted.cutoff\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extracted.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.extracted.filename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.extracted.filename\"}}},{\"name\":\"file.extracted.filename.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.extracted.filename\"}}},{\"name\":\"file.flavors.mime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.flavors.mime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.flavors.mime\"}}},{\"name\":\"file.flavors.mime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.flavors.mime\"}}},{\"name\":\"file.flavors.yara\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.flavors.yara.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.flavors.yara\"}}},{\"name\":\"file.flavors.yara.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.flavors.yara\"}}},{\"name\":\"file.is_64bit\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_exe\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.local_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.machine\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.machine.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.machine\"}}},{\"name\":\"file.machine.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.machine\"}}},{\"name\":\"file.mime_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mime_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mime_type\"}}},{\"name\":\"file.mime_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.mime_type\"}}},{\"name\":\"file.mimetype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mimetype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mimetype\"}}},{\"name\":\"file.mimetype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.mimetype\"}}},{\"name\":\"file.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.name\"}}},{\"name\":\"file.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.name\"}}},{\"name\":\"file.orig_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.orig_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_filenames\"}}},{\"name\":\"file.orig_filenames.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.orig_filenames\"}}},{\"name\":\"file.orig_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.orig_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_mime_types\"}}},{\"name\":\"file.orig_mime_types.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.orig_mime_types\"}}},{\"name\":\"file.os\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.os.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.os\"}}},{\"name\":\"file.os.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.os\"}}},{\"name\":\"file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.path\"}}},{\"name\":\"file.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.path\"}}},{\"name\":\"file.resp_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_filenames\"}}},{\"name\":\"file.resp_filenames.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.resp_filenames\"}}},{\"name\":\"file.resp_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_mime_types\"}}},{\"name\":\"file.resp_mime_types.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.resp_mime_types\"}}},{\"name\":\"file.scanners\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.scanners.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.scanners\"}}},{\"name\":\"file.scanners.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.scanners\"}}},{\"name\":\"file.section_names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.section_names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.section_names\"}}},{\"name\":\"file.section_names.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.section_names\"}}},{\"name\":\"file.seh\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.source.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.source\"}}},{\"name\":\"file.source.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.source\"}}},{\"name\":\"file.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.subsystem\"}}},{\"name\":\"file.subsystem.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.subsystem\"}}},{\"name\":\"file.table.cert\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.export\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.import\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.target\"}}},{\"name\":\"file.target.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.target\"}}},{\"name\":\"file.timed_out\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.times_accessed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_accessed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_accessed\"}}},{\"name\":\"file.times_accessed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_accessed\"}}},{\"name\":\"file.times_changed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_changed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_changed\"}}},{\"name\":\"file.times_changed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_changed\"}}},{\"name\":\"file.times_created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_created\"}}},{\"name\":\"file.times_created.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_created\"}}},{\"name\":\"file.times_modified\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_modified.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_modified\"}}},{\"name\":\"file.times_modified.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.times_modified\"}}},{\"name\":\"file.tree.node\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.node.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.node\"}}},{\"name\":\"file.tree.node.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.tree.node\"}}},{\"name\":\"file.tree.parent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.parent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.parent\"}}},{\"name\":\"file.tree.parent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.tree.parent\"}}},{\"name\":\"file.tree.root\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.root.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.root\"}}},{\"name\":\"file.tree.root.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"file.tree.root\"}}},{\"name\":\"ftp.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.argument\"}}},{\"name\":\"ftp.argument.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.argument\"}}},{\"name\":\"ftp.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.command\"}}},{\"name\":\"ftp.command.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.command\"}}},{\"name\":\"ftp.data_channel_destination.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_passive\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.password\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.password.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.password\"}}},{\"name\":\"ftp.password.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.password\"}}},{\"name\":\"ftp.user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.user\"}}},{\"name\":\"ftp.user.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ftp.user\"}}},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.hassh\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.hassh.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.hassh\"}}},{\"name\":\"hash.hassh.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.hassh\"}}},{\"name\":\"hash.ja3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ja3\"}}},{\"name\":\"hash.ja3.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.ja3\"}}},{\"name\":\"hash.ja3s\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3s.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ja3s\"}}},{\"name\":\"hash.ja3s.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.ja3s\"}}},{\"name\":\"hash.md5\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.md5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.md5\"}}},{\"name\":\"hash.md5.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.md5\"}}},{\"name\":\"hash.sha1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha1\"}}},{\"name\":\"hash.sha1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.sha1\"}}},{\"name\":\"hash.sha256\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha256.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha256\"}}},{\"name\":\"hash.sha256.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.sha256\"}}},{\"name\":\"hash.ssdeep\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ssdeep.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ssdeep\"}}},{\"name\":\"hash.ssdeep.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"hash.ssdeep\"}}},{\"name\":\"host.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.architecture\"}}},{\"name\":\"host.architecture.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.architecture\"}}},{\"name\":\"host.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.domain\"}}},{\"name\":\"host.domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.domain\"}}},{\"name\":\"host.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.hostname\"}}},{\"name\":\"host.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.hostname\"}}},{\"name\":\"host.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.id\"}}},{\"name\":\"host.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.id\"}}},{\"name\":\"host.mac\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.mac.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.mac\"}}},{\"name\":\"host.mac.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.mac\"}}},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.name\"}}},{\"name\":\"host.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.name\"}}},{\"name\":\"host.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.build\"}}},{\"name\":\"host.os.build.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.build\"}}},{\"name\":\"host.os.family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.family\"}}},{\"name\":\"host.os.family.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.family\"}}},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.kernel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.kernel\"}}},{\"name\":\"host.os.kernel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.kernel\"}}},{\"name\":\"host.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.platform\"}}},{\"name\":\"host.os.platform.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.platform\"}}},{\"name\":\"host.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.version\"}}},{\"name\":\"host.os.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.os.version\"}}},{\"name\":\"host.syscheck.changed_attributes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.changed_attributes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.changed_attributes\"}}},{\"name\":\"host.syscheck.changed_attributes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.changed_attributes\"}}},{\"name\":\"host.syscheck.event\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.event.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.event\"}}},{\"name\":\"host.syscheck.event.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.event\"}}},{\"name\":\"host.syscheck.gid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gid_after\"}}},{\"name\":\"host.syscheck.gid_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gid_after\"}}},{\"name\":\"host.syscheck.gname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gname_after\"}}},{\"name\":\"host.syscheck.gname_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gname_after\"}}},{\"name\":\"host.syscheck.inode_after\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.syscheck.md5_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_after\"}}},{\"name\":\"host.syscheck.md5_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_after\"}}},{\"name\":\"host.syscheck.md5_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_before\"}}},{\"name\":\"host.syscheck.md5_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_before\"}}},{\"name\":\"host.syscheck.mode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mode\"}}},{\"name\":\"host.syscheck.mode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mode\"}}},{\"name\":\"host.syscheck.mtime_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_after\"}}},{\"name\":\"host.syscheck.mtime_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_after\"}}},{\"name\":\"host.syscheck.mtime_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_before\"}}},{\"name\":\"host.syscheck.mtime_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_before\"}}},{\"name\":\"host.syscheck.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.path\"}}},{\"name\":\"host.syscheck.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.path\"}}},{\"name\":\"host.syscheck.perm_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.perm_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.perm_after\"}}},{\"name\":\"host.syscheck.perm_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.perm_after\"}}},{\"name\":\"host.syscheck.sha1_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_after\"}}},{\"name\":\"host.syscheck.sha1_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_after\"}}},{\"name\":\"host.syscheck.sha1_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_before\"}}},{\"name\":\"host.syscheck.sha1_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_before\"}}},{\"name\":\"host.syscheck.sha256_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_after\"}}},{\"name\":\"host.syscheck.sha256_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_after\"}}},{\"name\":\"host.syscheck.sha256_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_before\"}}},{\"name\":\"host.syscheck.sha256_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_before\"}}},{\"name\":\"host.syscheck.size_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.size_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_after\"}}},{\"name\":\"host.syscheck.size_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_after\"}}},{\"name\":\"host.syscheck.size_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.size_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_before\"}}},{\"name\":\"host.syscheck.size_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_before\"}}},{\"name\":\"host.syscheck.uid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uid_after\"}}},{\"name\":\"host.syscheck.uid_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uid_after\"}}},{\"name\":\"host.syscheck.uname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uname_after\"}}},{\"name\":\"host.syscheck.uname_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uname_after\"}}},{\"name\":\"http.info_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.info_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.info_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.info_message\"}}},{\"name\":\"http.info_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.info_message\"}}},{\"name\":\"http.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.method\"}}},{\"name\":\"http.method.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.method\"}}},{\"name\":\"http.proxied\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.proxied.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.proxied\"}}},{\"name\":\"http.proxied.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.proxied\"}}},{\"name\":\"http.referrer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.referrer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.referrer\"}}},{\"name\":\"http.referrer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.referrer\"}}},{\"name\":\"http.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.status_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.status_message\"}}},{\"name\":\"http.status_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.status_message\"}}},{\"name\":\"http.trans_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.uri\"}}},{\"name\":\"http.uri.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.uri\"}}},{\"name\":\"http.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.useragent\"}}},{\"name\":\"http.useragent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.useragent\"}}},{\"name\":\"http.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.version\"}}},{\"name\":\"http.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.version\"}}},{\"name\":\"http.virtual_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.virtual_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.virtual_host\"}}},{\"name\":\"http.virtual_host.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"http.virtual_host\"}}},{\"name\":\"ingest.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ingest.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ingest.timestamp\"}}},{\"name\":\"ingest.timestamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ingest.timestamp\"}}},{\"name\":\"intel.indicator\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.indicator.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.indicator\"}}},{\"name\":\"intel.indicator_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.indicator_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.indicator_type\"}}},{\"name\":\"intel.indicator_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.indicator_type\"}}},{\"name\":\"intel.matched\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.matched.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.matched\"}}},{\"name\":\"intel.matched.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.matched\"}}},{\"name\":\"intel.seen_node\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.seen_node.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.seen_node\"}}},{\"name\":\"intel.seen_node.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.seen_node\"}}},{\"name\":\"intel.seen_where\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.seen_where.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.seen_where\"}}},{\"name\":\"intel.seen_where.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.seen_where\"}}},{\"name\":\"intel.sources\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"intel.sources.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"intel.sources\"}}},{\"name\":\"intel.sources.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"intel.sources\"}}},{\"name\":\"irc.command.info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.info\"}}},{\"name\":\"irc.command.info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.command.info\"}}},{\"name\":\"irc.command.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.type\"}}},{\"name\":\"irc.command.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.command.type\"}}},{\"name\":\"irc.command.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.value\"}}},{\"name\":\"irc.command.value.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.command.value\"}}},{\"name\":\"irc.nickname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.nickname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.nickname\"}}},{\"name\":\"irc.nickname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.nickname\"}}},{\"name\":\"irc.username\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.username.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.username\"}}},{\"name\":\"irc.username.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"irc.username\"}}},{\"name\":\"kerberos.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client\"}}},{\"name\":\"kerberos.client.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.client\"}}},{\"name\":\"kerberos.client_certificate_subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.client_certificate_subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client_certificate_subject\"}}},{\"name\":\"kerberos.client_certificate_subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.client_certificate_subject\"}}},{\"name\":\"kerberos.error_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.error_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.error_message\"}}},{\"name\":\"kerberos.error_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.error_message\"}}},{\"name\":\"kerberos.request_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.request_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.request_type\"}}},{\"name\":\"kerberos.request_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.request_type\"}}},{\"name\":\"kerberos.server_certificate_subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.server_certificate_subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.server_certificate_subject\"}}},{\"name\":\"kerberos.server_certificate_subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.server_certificate_subject\"}}},{\"name\":\"kerberos.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.service\"}}},{\"name\":\"kerberos.service.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.service\"}}},{\"name\":\"kerberos.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.cipher\"}}},{\"name\":\"kerberos.ticket.cipher.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.cipher\"}}},{\"name\":\"kerberos.ticket.forwardable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.renewable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.valid.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.from\"}}},{\"name\":\"kerberos.ticket.valid.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.from\"}}},{\"name\":\"kerberos.ticket.valid.until\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.until.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.until\"}}},{\"name\":\"kerberos.ticket.valid.until.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.until\"}}},{\"name\":\"log.file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.file.path\"}}},{\"name\":\"log.file.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.file.path\"}}},{\"name\":\"log.full\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.full.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.full\"}}},{\"name\":\"log.full.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.full\"}}},{\"name\":\"log.id.client_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.client_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.client_certificate_fuid\"}}},{\"name\":\"log.id.client_certificate_fuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.client_certificate_fuid\"}}},{\"name\":\"log.id.fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuid\"}}},{\"name\":\"log.id.fuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.fuid\"}}},{\"name\":\"log.id.fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuids\"}}},{\"name\":\"log.id.fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.fuids\"}}},{\"name\":\"log.id.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.id\"}}},{\"name\":\"log.id.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.id\"}}},{\"name\":\"log.id.orig_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.orig_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.orig_fuids\"}}},{\"name\":\"log.id.orig_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.orig_fuids\"}}},{\"name\":\"log.id.resp_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.resp_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.resp_fuids\"}}},{\"name\":\"log.id.resp_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.resp_fuids\"}}},{\"name\":\"log.id.server_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.server_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.server_certificate_fuid\"}}},{\"name\":\"log.id.server_certificate_fuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.server_certificate_fuid\"}}},{\"name\":\"log.id.tunnel_parents\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.tunnel_parents.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.tunnel_parents\"}}},{\"name\":\"log.id.tunnel_parents.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.tunnel_parents\"}}},{\"name\":\"log.id.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uid\"}}},{\"name\":\"log.id.uid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.uid\"}}},{\"name\":\"log.id.uids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uids\"}}},{\"name\":\"log.id.uids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.id.uids\"}}},{\"name\":\"log.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.level\"}}},{\"name\":\"log.level.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.level\"}}},{\"name\":\"log.location\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.location.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.location\"}}},{\"name\":\"log.location.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.location\"}}},{\"name\":\"log.offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.previous_log\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.previous_log.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.previous_log\"}}},{\"name\":\"log.previous_log.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.previous_log\"}}},{\"name\":\"log.previous_output\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.previous_output.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.previous_output\"}}},{\"name\":\"log.previous_output.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"log.previous_output\"}}},{\"name\":\"manager.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"manager.name\"}}},{\"name\":\"manager.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"manager.name\"}}},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"message\"}}},{\"name\":\"modbus.function\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"modbus.function.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"modbus.function\"}}},{\"name\":\"modbus.function.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"modbus.function\"}}},{\"name\":\"mysql.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.argument\"}}},{\"name\":\"mysql.argument.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"mysql.argument\"}}},{\"name\":\"mysql.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.command\"}}},{\"name\":\"mysql.command.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"mysql.command\"}}},{\"name\":\"mysql.response\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.response.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.response\"}}},{\"name\":\"mysql.response.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"mysql.response\"}}},{\"name\":\"mysql.rows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.community_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.community_id\"}}},{\"name\":\"network.community_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.community_id\"}}},{\"name\":\"network.data.decoded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.data.decoded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.data.decoded\"}}},{\"name\":\"network.data.decoded.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.data.decoded\"}}},{\"name\":\"network.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.protocol\"}}},{\"name\":\"network.protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.protocol\"}}},{\"name\":\"network.transport\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.transport.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.transport\"}}},{\"name\":\"network.transport.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"network.transport\"}}},{\"name\":\"notice.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.action\"}}},{\"name\":\"notice.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.action\"}}},{\"name\":\"notice.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.message\"}}},{\"name\":\"notice.message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.message\"}}},{\"name\":\"notice.note\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.note.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.note\"}}},{\"name\":\"notice.note.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.note\"}}},{\"name\":\"notice.p\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice.peer_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.peer_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.peer_description\"}}},{\"name\":\"notice.peer_description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.peer_description\"}}},{\"name\":\"notice.sub_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.sub_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.sub_message\"}}},{\"name\":\"notice.sub_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"notice.sub_message\"}}},{\"name\":\"notice.suppress_for\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm.server.dns.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.dns.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.dns.name\"}}},{\"name\":\"ntlm.server.dns.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.dns.name\"}}},{\"name\":\"ntlm.server.nb.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.nb.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.nb.name\"}}},{\"name\":\"ntlm.server.nb.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.nb.name\"}}},{\"name\":\"ntlm.server.tree.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.tree.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.tree.name\"}}},{\"name\":\"ntlm.server.tree.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.tree.name\"}}},{\"name\":\"ntlm.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.analyzer\"}}},{\"name\":\"observer.analyzer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"observer.analyzer\"}}},{\"name\":\"observer.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.name\"}}},{\"name\":\"observer.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"observer.name\"}}},{\"name\":\"osquery.result.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.action\"}}},{\"name\":\"osquery.result.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.action\"}}},{\"name\":\"osquery.result.calendarTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.calendarTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.calendarTime\"}}},{\"name\":\"osquery.result.calendarTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.calendarTime\"}}},{\"name\":\"osquery.result.codename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.codename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.codename\"}}},{\"name\":\"osquery.result.codename.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.codename\"}}},{\"name\":\"osquery.result.columns.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.command\"}}},{\"name\":\"osquery.result.columns.command.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.command\"}}},{\"name\":\"osquery.result.columns.day_of_month\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.day_of_month.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_month\"}}},{\"name\":\"osquery.result.columns.day_of_month.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_month\"}}},{\"name\":\"osquery.result.columns.day_of_week\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.day_of_week.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_week\"}}},{\"name\":\"osquery.result.columns.day_of_week.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.day_of_week\"}}},{\"name\":\"osquery.result.columns.days\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.days.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.days\"}}},{\"name\":\"osquery.result.columns.days.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.days\"}}},{\"name\":\"osquery.result.columns.event\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.event.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.event\"}}},{\"name\":\"osquery.result.columns.event.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.event\"}}},{\"name\":\"osquery.result.columns.hour\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.hour.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hour\"}}},{\"name\":\"osquery.result.columns.hour.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hour\"}}},{\"name\":\"osquery.result.columns.hours\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.hours.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hours\"}}},{\"name\":\"osquery.result.columns.hours.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hours\"}}},{\"name\":\"osquery.result.columns.minute\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.minute.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minute\"}}},{\"name\":\"osquery.result.columns.minute.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minute\"}}},{\"name\":\"osquery.result.columns.minutes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.minutes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minutes\"}}},{\"name\":\"osquery.result.columns.minutes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.minutes\"}}},{\"name\":\"osquery.result.columns.month\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.month.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.month\"}}},{\"name\":\"osquery.result.columns.month.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.month\"}}},{\"name\":\"osquery.result.columns.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.path\"}}},{\"name\":\"osquery.result.columns.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.path\"}}},{\"name\":\"osquery.result.columns.seconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.seconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.seconds\"}}},{\"name\":\"osquery.result.columns.seconds.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.seconds\"}}},{\"name\":\"osquery.result.columns.total_seconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.total_seconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.total_seconds\"}}},{\"name\":\"osquery.result.columns.total_seconds.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.total_seconds\"}}},{\"name\":\"osquery.result.counter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.endpoint_ip1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip1\"}}},{\"name\":\"osquery.result.endpoint_ip1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip1\"}}},{\"name\":\"osquery.result.endpoint_ip2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip2\"}}},{\"name\":\"osquery.result.endpoint_ip2.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip2\"}}},{\"name\":\"osquery.result.epoch\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.hardware_serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hardware_serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hardware_serial\"}}},{\"name\":\"osquery.result.hardware_serial.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hardware_serial\"}}},{\"name\":\"osquery.result.hostIdentifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hostIdentifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostIdentifier\"}}},{\"name\":\"osquery.result.hostIdentifier.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostIdentifier\"}}},{\"name\":\"osquery.result.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostname\"}}},{\"name\":\"osquery.result.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostname\"}}},{\"name\":\"osquery.result.live_query\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.live_query.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.live_query\"}}},{\"name\":\"osquery.result.live_query.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.live_query\"}}},{\"name\":\"osquery.result.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.name\"}}},{\"name\":\"osquery.result.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"osquery.result.name\"}}},{\"name\":\"osquery.result.numerics\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.unixTime\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.args.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.args\"}}},{\"name\":\"process.args.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.args\"}}},{\"name\":\"process.cmd\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.cmd.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.cmd\"}}},{\"name\":\"process.cmd.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.cmd\"}}},{\"name\":\"process.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.command_line\"}}},{\"name\":\"process.command_line.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.command_line\"}}},{\"name\":\"process.egroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.egroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.egroup\"}}},{\"name\":\"process.egroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.egroup\"}}},{\"name\":\"process.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.entity_id\"}}},{\"name\":\"process.entity_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.entity_id\"}}},{\"name\":\"process.euser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.euser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.euser\"}}},{\"name\":\"process.euser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.euser\"}}},{\"name\":\"process.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.executable\"}}},{\"name\":\"process.executable.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.executable\"}}},{\"name\":\"process.fgroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.fgroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.fgroup\"}}},{\"name\":\"process.fgroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.fgroup\"}}},{\"name\":\"process.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.name\"}}},{\"name\":\"process.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.name\"}}},{\"name\":\"process.nice\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.nice.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.nice\"}}},{\"name\":\"process.nice.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.nice\"}}},{\"name\":\"process.nlwp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.nlwp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.nlwp\"}}},{\"name\":\"process.nlwp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.nlwp\"}}},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.command_line\"}}},{\"name\":\"process.parent.command_line.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.command_line\"}}},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.entity_id\"}}},{\"name\":\"process.parent.entity_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.entity_id\"}}},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.executable\"}}},{\"name\":\"process.parent.executable.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.parent.executable\"}}},{\"name\":\"process.pe.company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.company\"}}},{\"name\":\"process.pe.company.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.company\"}}},{\"name\":\"process.pe.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.description\"}}},{\"name\":\"process.pe.description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.description\"}}},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.file_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.file_version\"}}},{\"name\":\"process.pe.file_version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.file_version\"}}},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.original_file_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.original_file_name\"}}},{\"name\":\"process.pe.original_file_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.original_file_name\"}}},{\"name\":\"process.pe.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.product\"}}},{\"name\":\"process.pe.product.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pe.product\"}}},{\"name\":\"process.pgrp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pgrp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pgrp\"}}},{\"name\":\"process.pgrp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pgrp\"}}},{\"name\":\"process.pid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pid\"}}},{\"name\":\"process.pid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.pid\"}}},{\"name\":\"process.ppid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.ppid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.ppid\"}}},{\"name\":\"process.ppid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.ppid\"}}},{\"name\":\"process.priority\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.priority.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.priority\"}}},{\"name\":\"process.priority.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.priority\"}}},{\"name\":\"process.processor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.processor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.processor\"}}},{\"name\":\"process.processor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.processor\"}}},{\"name\":\"process.resident\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.resident.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.resident\"}}},{\"name\":\"process.resident.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.resident\"}}},{\"name\":\"process.rgroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.rgroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.rgroup\"}}},{\"name\":\"process.rgroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.rgroup\"}}},{\"name\":\"process.ruser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.ruser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.ruser\"}}},{\"name\":\"process.ruser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.ruser\"}}},{\"name\":\"process.session\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.session.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.session\"}}},{\"name\":\"process.session.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.session\"}}},{\"name\":\"process.sgroup\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.sgroup.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.sgroup\"}}},{\"name\":\"process.sgroup.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.sgroup\"}}},{\"name\":\"process.share\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.share.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.share\"}}},{\"name\":\"process.share.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.share\"}}},{\"name\":\"process.size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.size\"}}},{\"name\":\"process.size.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.size\"}}},{\"name\":\"process.start_time\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.start_time.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.start_time\"}}},{\"name\":\"process.start_time.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.start_time\"}}},{\"name\":\"process.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.state\"}}},{\"name\":\"process.state.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.state\"}}},{\"name\":\"process.stime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.stime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.stime\"}}},{\"name\":\"process.stime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.stime\"}}},{\"name\":\"process.suser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.suser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.suser\"}}},{\"name\":\"process.suser.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.suser\"}}},{\"name\":\"process.tgid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.tgid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.tgid\"}}},{\"name\":\"process.tgid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.tgid\"}}},{\"name\":\"process.tty\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.tty.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.tty\"}}},{\"name\":\"process.tty.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.tty\"}}},{\"name\":\"process.utime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.utime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.utime\"}}},{\"name\":\"process.utime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.utime\"}}},{\"name\":\"process.vm_size\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.vm_size.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.vm_size\"}}},{\"name\":\"process.vm_size.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.vm_size\"}}},{\"name\":\"process.working_directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.working_directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.working_directory\"}}},{\"name\":\"process.working_directory.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"process.working_directory\"}}},{\"name\":\"radius.framed_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.framed_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.framed_address\"}}},{\"name\":\"radius.framed_address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"radius.framed_address\"}}},{\"name\":\"radius.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.reply_message\"}}},{\"name\":\"radius.reply_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"radius.reply_message\"}}},{\"name\":\"radius.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.result\"}}},{\"name\":\"radius.result.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"radius.result\"}}},{\"name\":\"rdp.certificate_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_permanent\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.certificate_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.certificate_type\"}}},{\"name\":\"rdp.certificate_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.certificate_type\"}}},{\"name\":\"rdp.client_build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.client_build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.client_build\"}}},{\"name\":\"rdp.client_build.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.client_build\"}}},{\"name\":\"rdp.cookie\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.cookie.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.cookie\"}}},{\"name\":\"rdp.cookie.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.cookie\"}}},{\"name\":\"rdp.desktop.height\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.desktop.width\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.encryption_level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_level\"}}},{\"name\":\"rdp.encryption_level.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_level\"}}},{\"name\":\"rdp.encryption_method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_method\"}}},{\"name\":\"rdp.encryption_method.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_method\"}}},{\"name\":\"rdp.keyboard_layout\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.keyboard_layout.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.keyboard_layout\"}}},{\"name\":\"rdp.keyboard_layout.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.keyboard_layout\"}}},{\"name\":\"rdp.requested_color_depth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.requested_color_depth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.requested_color_depth\"}}},{\"name\":\"rdp.requested_color_depth.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.requested_color_depth\"}}},{\"name\":\"rdp.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.result\"}}},{\"name\":\"rdp.result.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.result\"}}},{\"name\":\"rdp.security_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.security_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.security_protocol\"}}},{\"name\":\"rdp.security_protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rdp.security_protocol\"}}},{\"name\":\"request.attributes.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.attributes.filename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.attributes.filename\"}}},{\"name\":\"request.attributes.filename.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.attributes.filename\"}}},{\"name\":\"request.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.client\"}}},{\"name\":\"request.client.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.client\"}}},{\"name\":\"request.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.id\"}}},{\"name\":\"request.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.id\"}}},{\"name\":\"request.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.source.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.source\"}}},{\"name\":\"request.source.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"request.source\"}}},{\"name\":\"request.time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.action\"}}},{\"name\":\"rule.action.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.action\"}}},{\"name\":\"rule.author\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.author.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.author\"}}},{\"name\":\"rule.author.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.author\"}}},{\"name\":\"rule.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.category\"}}},{\"name\":\"rule.category.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.category\"}}},{\"name\":\"rule.date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.date\"}}},{\"name\":\"rule.date.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.date\"}}},{\"name\":\"rule.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.description\"}}},{\"name\":\"rule.description.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.description\"}}},{\"name\":\"rule.filetype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.filetype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.filetype\"}}},{\"name\":\"rule.filetype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.filetype\"}}},{\"name\":\"rule.firedtimes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gdpr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gdpr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gdpr\"}}},{\"name\":\"rule.gdpr.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.gdpr\"}}},{\"name\":\"rule.gid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gpg13\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gpg13.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gpg13\"}}},{\"name\":\"rule.gpg13.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.gpg13\"}}},{\"name\":\"rule.groups\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.groups.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.groups\"}}},{\"name\":\"rule.groups.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.groups\"}}},{\"name\":\"rule.hash1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.hash1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.hash1\"}}},{\"name\":\"rule.hash1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.hash1\"}}},{\"name\":\"rule.hipaa\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.hipaa.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.hipaa\"}}},{\"name\":\"rule.hipaa.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.hipaa\"}}},{\"name\":\"rule.info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.info\"}}},{\"name\":\"rule.info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.info\"}}},{\"name\":\"rule.level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.mail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.maltype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.maltype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.maltype\"}}},{\"name\":\"rule.maltype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.maltype\"}}},{\"name\":\"rule.metadata.affected_product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.affected_product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.affected_product\"}}},{\"name\":\"rule.metadata.affected_product.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.affected_product\"}}},{\"name\":\"rule.metadata.attack_target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.attack_target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.attack_target\"}}},{\"name\":\"rule.metadata.attack_target.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.attack_target\"}}},{\"name\":\"rule.metadata.created_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.created_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.created_at\"}}},{\"name\":\"rule.metadata.created_at.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.created_at\"}}},{\"name\":\"rule.metadata.deployment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.deployment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.deployment\"}}},{\"name\":\"rule.metadata.deployment.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.deployment\"}}},{\"name\":\"rule.metadata.former_category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.former_category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.former_category\"}}},{\"name\":\"rule.metadata.former_category.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.former_category\"}}},{\"name\":\"rule.metadata.malware_family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.malware_family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.malware_family\"}}},{\"name\":\"rule.metadata.malware_family.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.malware_family\"}}},{\"name\":\"rule.metadata.performance_impact\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.performance_impact.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.performance_impact\"}}},{\"name\":\"rule.metadata.performance_impact.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.performance_impact\"}}},{\"name\":\"rule.metadata.signature_severity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.signature_severity.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.signature_severity\"}}},{\"name\":\"rule.metadata.signature_severity.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.signature_severity\"}}},{\"name\":\"rule.metadata.tag\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.tag.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.tag\"}}},{\"name\":\"rule.metadata.tag.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.tag\"}}},{\"name\":\"rule.metadata.updated_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.updated_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.updated_at\"}}},{\"name\":\"rule.metadata.updated_at.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.updated_at\"}}},{\"name\":\"rule.mitre.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.mitre.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.id\"}}},{\"name\":\"rule.mitre.id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.id\"}}},{\"name\":\"rule.mitre.tactic\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.mitre.tactic.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.tactic\"}}},{\"name\":\"rule.mitre.tactic.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.tactic\"}}},{\"name\":\"rule.mitre.technique\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.mitre.technique.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.technique\"}}},{\"name\":\"rule.mitre.technique.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.mitre.technique\"}}},{\"name\":\"rule.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.name\"}}},{\"name\":\"rule.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.name\"}}},{\"name\":\"rule.nist_800_53\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.nist_800_53.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.nist_800_53\"}}},{\"name\":\"rule.nist_800_53.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.nist_800_53\"}}},{\"name\":\"rule.pci_dss\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.pci_dss.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.pci_dss\"}}},{\"name\":\"rule.pci_dss.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.pci_dss\"}}},{\"name\":\"rule.reference\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.reference.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.reference\"}}},{\"name\":\"rule.reference.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.reference\"}}},{\"name\":\"rule.rev\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.rule\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.rule.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.rule\"}}},{\"name\":\"rule.rule.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.rule\"}}},{\"name\":\"rule.ruleset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.ruleset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.ruleset\"}}},{\"name\":\"rule.ruleset.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.ruleset\"}}},{\"name\":\"rule.score\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.tsc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.tsc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.tsc\"}}},{\"name\":\"rule.tsc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"rule.tsc\"}}},{\"name\":\"rule.uuid\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.entropy.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.entropy.entropy\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.exiftool.About\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.About.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.About\"}}},{\"name\":\"scan.exiftool.About.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.About\"}}},{\"name\":\"scan.exiftool.AppVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.AppVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.AppVersion\"}}},{\"name\":\"scan.exiftool.AppVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.AppVersion\"}}},{\"name\":\"scan.exiftool.Author\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Author.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Author\"}}},{\"name\":\"scan.exiftool.Author.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Author\"}}},{\"name\":\"scan.exiftool.BitDepth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.BitDepth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BitDepth\"}}},{\"name\":\"scan.exiftool.BitDepth.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BitDepth\"}}},{\"name\":\"scan.exiftool.BuildID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.BuildID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BuildID\"}}},{\"name\":\"scan.exiftool.BuildID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BuildID\"}}},{\"name\":\"scan.exiftool.CharCountWithSpaces\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CharCountWithSpaces.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharCountWithSpaces\"}}},{\"name\":\"scan.exiftool.CharCountWithSpaces.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharCountWithSpaces\"}}},{\"name\":\"scan.exiftool.CharacterSet\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CharacterSet.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharacterSet\"}}},{\"name\":\"scan.exiftool.CharacterSet.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharacterSet\"}}},{\"name\":\"scan.exiftool.Characters\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Characters.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Characters\"}}},{\"name\":\"scan.exiftool.Characters.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Characters\"}}},{\"name\":\"scan.exiftool.CodePage\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CodePage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodePage\"}}},{\"name\":\"scan.exiftool.CodePage.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodePage\"}}},{\"name\":\"scan.exiftool.CodeSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CodeSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodeSize\"}}},{\"name\":\"scan.exiftool.CodeSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodeSize\"}}},{\"name\":\"scan.exiftool.ColorType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ColorType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ColorType\"}}},{\"name\":\"scan.exiftool.ColorType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ColorType\"}}},{\"name\":\"scan.exiftool.Comments\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Comments.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Comments\"}}},{\"name\":\"scan.exiftool.Comments.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Comments\"}}},{\"name\":\"scan.exiftool.CompObjUserType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompObjUserType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserType\"}}},{\"name\":\"scan.exiftool.CompObjUserType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserType\"}}},{\"name\":\"scan.exiftool.CompObjUserTypeLen\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompObjUserTypeLen.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserTypeLen\"}}},{\"name\":\"scan.exiftool.CompObjUserTypeLen.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserTypeLen\"}}},{\"name\":\"scan.exiftool.Company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Company\"}}},{\"name\":\"scan.exiftool.Company.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Company\"}}},{\"name\":\"scan.exiftool.CompanyName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompanyName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompanyName\"}}},{\"name\":\"scan.exiftool.CompanyName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompanyName\"}}},{\"name\":\"scan.exiftool.Compression\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Compression.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Compression\"}}},{\"name\":\"scan.exiftool.Compression.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Compression\"}}},{\"name\":\"scan.exiftool.CreateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CreateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreateDate\"}}},{\"name\":\"scan.exiftool.CreateDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreateDate\"}}},{\"name\":\"scan.exiftool.Creator\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Creator.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Creator\"}}},{\"name\":\"scan.exiftool.Creator.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Creator\"}}},{\"name\":\"scan.exiftool.CreatorTool\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CreatorTool.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreatorTool\"}}},{\"name\":\"scan.exiftool.CreatorTool.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreatorTool\"}}},{\"name\":\"scan.exiftool.DerivedFromDocumentID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DerivedFromDocumentID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromDocumentID\"}}},{\"name\":\"scan.exiftool.DerivedFromDocumentID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromDocumentID\"}}},{\"name\":\"scan.exiftool.DerivedFromInstanceID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DerivedFromInstanceID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromInstanceID\"}}},{\"name\":\"scan.exiftool.DerivedFromInstanceID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromInstanceID\"}}},{\"name\":\"scan.exiftool.Directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Directory\"}}},{\"name\":\"scan.exiftool.Directory.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Directory\"}}},{\"name\":\"scan.exiftool.DocumentID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DocumentID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DocumentID\"}}},{\"name\":\"scan.exiftool.DocumentID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DocumentID\"}}},{\"name\":\"scan.exiftool.EntryPoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.EntryPoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.EntryPoint\"}}},{\"name\":\"scan.exiftool.EntryPoint.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.EntryPoint\"}}},{\"name\":\"scan.exiftool.Error\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Error.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Error\"}}},{\"name\":\"scan.exiftool.Error.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Error\"}}},{\"name\":\"scan.exiftool.ExifToolVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ExifToolVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ExifToolVersion\"}}},{\"name\":\"scan.exiftool.ExifToolVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ExifToolVersion\"}}},{\"name\":\"scan.exiftool.FileAccessDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileAccessDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileAccessDate\"}}},{\"name\":\"scan.exiftool.FileAccessDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileAccessDate\"}}},{\"name\":\"scan.exiftool.FileDescription\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileDescription.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileDescription\"}}},{\"name\":\"scan.exiftool.FileDescription.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileDescription\"}}},{\"name\":\"scan.exiftool.FileFlags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileFlags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlags\"}}},{\"name\":\"scan.exiftool.FileFlags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlags\"}}},{\"name\":\"scan.exiftool.FileFlagsMask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileFlagsMask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlagsMask\"}}},{\"name\":\"scan.exiftool.FileFlagsMask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlagsMask\"}}},{\"name\":\"scan.exiftool.FileInodeChangeDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileInodeChangeDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileInodeChangeDate\"}}},{\"name\":\"scan.exiftool.FileInodeChangeDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileInodeChangeDate\"}}},{\"name\":\"scan.exiftool.FileModifyDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileModifyDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileModifyDate\"}}},{\"name\":\"scan.exiftool.FileModifyDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileModifyDate\"}}},{\"name\":\"scan.exiftool.FileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileName\"}}},{\"name\":\"scan.exiftool.FileName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileName\"}}},{\"name\":\"scan.exiftool.FileOS\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileOS.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileOS\"}}},{\"name\":\"scan.exiftool.FileOS.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileOS\"}}},{\"name\":\"scan.exiftool.FilePermissions\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FilePermissions.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FilePermissions\"}}},{\"name\":\"scan.exiftool.FilePermissions.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FilePermissions\"}}},{\"name\":\"scan.exiftool.FileSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSize\"}}},{\"name\":\"scan.exiftool.FileSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSize\"}}},{\"name\":\"scan.exiftool.FileSubtype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileSubtype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSubtype\"}}},{\"name\":\"scan.exiftool.FileSubtype.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSubtype\"}}},{\"name\":\"scan.exiftool.FileType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileType\"}}},{\"name\":\"scan.exiftool.FileType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileType\"}}},{\"name\":\"scan.exiftool.FileTypeExtension\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileTypeExtension.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileTypeExtension\"}}},{\"name\":\"scan.exiftool.FileTypeExtension.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileTypeExtension\"}}},{\"name\":\"scan.exiftool.FileVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersion\"}}},{\"name\":\"scan.exiftool.FileVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersion\"}}},{\"name\":\"scan.exiftool.FileVersionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileVersionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersionNumber\"}}},{\"name\":\"scan.exiftool.FileVersionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersionNumber\"}}},{\"name\":\"scan.exiftool.Filter\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Filter.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Filter\"}}},{\"name\":\"scan.exiftool.Filter.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Filter\"}}},{\"name\":\"scan.exiftool.Format\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Format.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Format\"}}},{\"name\":\"scan.exiftool.Format.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Format\"}}},{\"name\":\"scan.exiftool.HasXFA\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HasXFA.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HasXFA\"}}},{\"name\":\"scan.exiftool.HasXFA.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HasXFA\"}}},{\"name\":\"scan.exiftool.HeadingPairs\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HeadingPairs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HeadingPairs\"}}},{\"name\":\"scan.exiftool.HeadingPairs.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HeadingPairs\"}}},{\"name\":\"scan.exiftool.HyperlinksChanged\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HyperlinksChanged.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HyperlinksChanged\"}}},{\"name\":\"scan.exiftool.HyperlinksChanged.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HyperlinksChanged\"}}},{\"name\":\"scan.exiftool.ImageHeight\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageHeight.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageHeight\"}}},{\"name\":\"scan.exiftool.ImageHeight.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageHeight\"}}},{\"name\":\"scan.exiftool.ImageSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageSize\"}}},{\"name\":\"scan.exiftool.ImageSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageSize\"}}},{\"name\":\"scan.exiftool.ImageVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageVersion\"}}},{\"name\":\"scan.exiftool.ImageVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageVersion\"}}},{\"name\":\"scan.exiftool.ImageWidth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageWidth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageWidth\"}}},{\"name\":\"scan.exiftool.ImageWidth.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageWidth\"}}},{\"name\":\"scan.exiftool.InitializedDataSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InitializedDataSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InitializedDataSize\"}}},{\"name\":\"scan.exiftool.InitializedDataSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InitializedDataSize\"}}},{\"name\":\"scan.exiftool.InstanceID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InstanceID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InstanceID\"}}},{\"name\":\"scan.exiftool.InstanceID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InstanceID\"}}},{\"name\":\"scan.exiftool.Interlace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Interlace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Interlace\"}}},{\"name\":\"scan.exiftool.Interlace.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Interlace\"}}},{\"name\":\"scan.exiftool.InternalName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InternalName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InternalName\"}}},{\"name\":\"scan.exiftool.InternalName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InternalName\"}}},{\"name\":\"scan.exiftool.Keywords\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Keywords.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Keywords\"}}},{\"name\":\"scan.exiftool.Keywords.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Keywords\"}}},{\"name\":\"scan.exiftool.Language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Language\"}}},{\"name\":\"scan.exiftool.Language.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Language\"}}},{\"name\":\"scan.exiftool.LanguageCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LanguageCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LanguageCode\"}}},{\"name\":\"scan.exiftool.LanguageCode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LanguageCode\"}}},{\"name\":\"scan.exiftool.LastModifiedBy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LastModifiedBy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LastModifiedBy\"}}},{\"name\":\"scan.exiftool.LastModifiedBy.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LastModifiedBy\"}}},{\"name\":\"scan.exiftool.LegalCopyright\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LegalCopyright.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalCopyright\"}}},{\"name\":\"scan.exiftool.LegalCopyright.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalCopyright\"}}},{\"name\":\"scan.exiftool.LegalTrademarks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LegalTrademarks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalTrademarks\"}}},{\"name\":\"scan.exiftool.LegalTrademarks.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalTrademarks\"}}},{\"name\":\"scan.exiftool.Linearized\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Linearized.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Linearized\"}}},{\"name\":\"scan.exiftool.Linearized.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Linearized\"}}},{\"name\":\"scan.exiftool.Lines\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Lines.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Lines\"}}},{\"name\":\"scan.exiftool.Lines.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Lines\"}}},{\"name\":\"scan.exiftool.LinkerVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LinkerVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinkerVersion\"}}},{\"name\":\"scan.exiftool.LinkerVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinkerVersion\"}}},{\"name\":\"scan.exiftool.LinksUpToDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LinksUpToDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinksUpToDate\"}}},{\"name\":\"scan.exiftool.LinksUpToDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinksUpToDate\"}}},{\"name\":\"scan.exiftool.MIMEType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.MIMEType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MIMEType\"}}},{\"name\":\"scan.exiftool.MIMEType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MIMEType\"}}},{\"name\":\"scan.exiftool.MachineType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.MachineType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MachineType\"}}},{\"name\":\"scan.exiftool.MachineType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MachineType\"}}},{\"name\":\"scan.exiftool.Megapixels\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Megapixels.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Megapixels\"}}},{\"name\":\"scan.exiftool.Megapixels.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Megapixels\"}}},{\"name\":\"scan.exiftool.ModifyDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ModifyDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ModifyDate\"}}},{\"name\":\"scan.exiftool.ModifyDate.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ModifyDate\"}}},{\"name\":\"scan.exiftool.OSVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.OSVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OSVersion\"}}},{\"name\":\"scan.exiftool.OSVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OSVersion\"}}},{\"name\":\"scan.exiftool.ObjectFileType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ObjectFileType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ObjectFileType\"}}},{\"name\":\"scan.exiftool.ObjectFileType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ObjectFileType\"}}},{\"name\":\"scan.exiftool.OriginalFileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.OriginalFileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OriginalFileName\"}}},{\"name\":\"scan.exiftool.OriginalFileName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OriginalFileName\"}}},{\"name\":\"scan.exiftool.PDFVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PDFVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PDFVersion\"}}},{\"name\":\"scan.exiftool.PDFVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PDFVersion\"}}},{\"name\":\"scan.exiftool.PEType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PEType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PEType\"}}},{\"name\":\"scan.exiftool.PEType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PEType\"}}},{\"name\":\"scan.exiftool.PTEX_Fullbanner\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PTEX_Fullbanner.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PTEX_Fullbanner\"}}},{\"name\":\"scan.exiftool.PTEX_Fullbanner.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PTEX_Fullbanner\"}}},{\"name\":\"scan.exiftool.PageCount\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PageCount.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PageCount\"}}},{\"name\":\"scan.exiftool.PageCount.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PageCount\"}}},{\"name\":\"scan.exiftool.Pages\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Pages.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Pages\"}}},{\"name\":\"scan.exiftool.Pages.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Pages\"}}},{\"name\":\"scan.exiftool.Paragraphs\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Paragraphs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Paragraphs\"}}},{\"name\":\"scan.exiftool.Paragraphs.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Paragraphs\"}}},{\"name\":\"scan.exiftool.PrivateBuild\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PrivateBuild.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PrivateBuild\"}}},{\"name\":\"scan.exiftool.PrivateBuild.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PrivateBuild\"}}},{\"name\":\"scan.exiftool.Producer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Producer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Producer\"}}},{\"name\":\"scan.exiftool.Producer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Producer\"}}},{\"name\":\"scan.exiftool.ProductName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductName\"}}},{\"name\":\"scan.exiftool.ProductName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductName\"}}},{\"name\":\"scan.exiftool.ProductVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersion\"}}},{\"name\":\"scan.exiftool.ProductVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersion\"}}},{\"name\":\"scan.exiftool.ProductVersionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductVersionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersionNumber\"}}},{\"name\":\"scan.exiftool.ProductVersionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersionNumber\"}}},{\"name\":\"scan.exiftool.RevisionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.RevisionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.RevisionNumber\"}}},{\"name\":\"scan.exiftool.RevisionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.RevisionNumber\"}}},{\"name\":\"scan.exiftool.ScaleCrop\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ScaleCrop.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ScaleCrop\"}}},{\"name\":\"scan.exiftool.ScaleCrop.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ScaleCrop\"}}},{\"name\":\"scan.exiftool.Security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Security.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Security\"}}},{\"name\":\"scan.exiftool.Security.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Security\"}}},{\"name\":\"scan.exiftool.SharedDoc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SharedDoc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SharedDoc\"}}},{\"name\":\"scan.exiftool.SharedDoc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SharedDoc\"}}},{\"name\":\"scan.exiftool.Software\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Software.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Software\"}}},{\"name\":\"scan.exiftool.Software.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Software\"}}},{\"name\":\"scan.exiftool.SourceFile\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SourceFile.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SourceFile\"}}},{\"name\":\"scan.exiftool.SourceFile.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SourceFile\"}}},{\"name\":\"scan.exiftool.SpecialBuild\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SpecialBuild.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SpecialBuild\"}}},{\"name\":\"scan.exiftool.SpecialBuild.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SpecialBuild\"}}},{\"name\":\"scan.exiftool.Subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subject\"}}},{\"name\":\"scan.exiftool.Subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subject\"}}},{\"name\":\"scan.exiftool.Subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subsystem\"}}},{\"name\":\"scan.exiftool.Subsystem.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subsystem\"}}},{\"name\":\"scan.exiftool.SubsystemVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SubsystemVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SubsystemVersion\"}}},{\"name\":\"scan.exiftool.SubsystemVersion.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SubsystemVersion\"}}},{\"name\":\"scan.exiftool.SvnRevision\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SvnRevision.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SvnRevision\"}}},{\"name\":\"scan.exiftool.SvnRevision.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SvnRevision\"}}},{\"name\":\"scan.exiftool.Template\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Template.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Template\"}}},{\"name\":\"scan.exiftool.Template.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Template\"}}},{\"name\":\"scan.exiftool.TimeStamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TimeStamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TimeStamp\"}}},{\"name\":\"scan.exiftool.TimeStamp.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TimeStamp\"}}},{\"name\":\"scan.exiftool.Title\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Title.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Title\"}}},{\"name\":\"scan.exiftool.Title.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Title\"}}},{\"name\":\"scan.exiftool.TitleOfParts\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TitleOfParts.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TitleOfParts\"}}},{\"name\":\"scan.exiftool.TitleOfParts.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TitleOfParts\"}}},{\"name\":\"scan.exiftool.TotalEditTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TotalEditTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TotalEditTime\"}}},{\"name\":\"scan.exiftool.TotalEditTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TotalEditTime\"}}},{\"name\":\"scan.exiftool.Trapped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Trapped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Trapped\"}}},{\"name\":\"scan.exiftool.Trapped.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Trapped\"}}},{\"name\":\"scan.exiftool.UninitializedDataSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.UninitializedDataSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.UninitializedDataSize\"}}},{\"name\":\"scan.exiftool.UninitializedDataSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.UninitializedDataSize\"}}},{\"name\":\"scan.exiftool.Warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Warning\"}}},{\"name\":\"scan.exiftool.Warning.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Warning\"}}},{\"name\":\"scan.exiftool.Words\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Words.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Words\"}}},{\"name\":\"scan.exiftool.Words.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Words\"}}},{\"name\":\"scan.exiftool.XMPToolkit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.XMPToolkit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.XMPToolkit\"}}},{\"name\":\"scan.exiftool.XMPToolkit.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.XMPToolkit\"}}},{\"name\":\"scan.exiftool.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.header.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.header.header\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.header.header.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.header.header\"}}},{\"name\":\"scan.header.header.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.header.header\"}}},{\"name\":\"scan.ini.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ini.keys.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.name\"}}},{\"name\":\"scan.ini.keys.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.name\"}}},{\"name\":\"scan.ini.keys.section\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.section.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.section\"}}},{\"name\":\"scan.ini.keys.section.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.section\"}}},{\"name\":\"scan.ini.keys.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.value\"}}},{\"name\":\"scan.ini.keys.value.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.value\"}}},{\"name\":\"scan.ini.sections\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.sections.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.sections\"}}},{\"name\":\"scan.ini.sections.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ini.sections\"}}},{\"name\":\"scan.libarchive.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.libarchive.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.libarchive.total.files\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.mmbot.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.mmbot.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.mmbot.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.mmbot.flags\"}}},{\"name\":\"scan.mmbot.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.mmbot.flags\"}}},{\"name\":\"scan.ocr.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ole.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ole.flags\"}}},{\"name\":\"scan.ole.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.ole.flags\"}}},{\"name\":\"scan.ole.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.total.streams\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.total.objects\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.debug.age\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.debug.guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.guid\"}}},{\"name\":\"scan.pe.debug.guid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.guid\"}}},{\"name\":\"scan.pe.debug.pdb\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.pdb.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.pdb\"}}},{\"name\":\"scan.pe.debug.pdb.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.pdb\"}}},{\"name\":\"scan.pe.debug.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.type\"}}},{\"name\":\"scan.pe.debug.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.type\"}}},{\"name\":\"scan.pe.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.file_info.fixed.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.flags\"}}},{\"name\":\"scan.pe.file_info.fixed.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.flags\"}}},{\"name\":\"scan.pe.file_info.fixed.operating_systems\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.operating_systems.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.operating_systems\"}}},{\"name\":\"scan.pe.file_info.fixed.operating_systems.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.operating_systems\"}}},{\"name\":\"scan.pe.file_info.fixed.type.primary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.type.primary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.type.primary\"}}},{\"name\":\"scan.pe.file_info.fixed.type.primary.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.type.primary\"}}},{\"name\":\"scan.pe.file_info.string.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.string.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.name\"}}},{\"name\":\"scan.pe.file_info.string.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.name\"}}},{\"name\":\"scan.pe.file_info.string.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.string.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.value\"}}},{\"name\":\"scan.pe.file_info.string.value.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.value\"}}},{\"name\":\"scan.pe.file_info.var.character_set\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.var.character_set.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.character_set\"}}},{\"name\":\"scan.pe.file_info.var.character_set.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.character_set\"}}},{\"name\":\"scan.pe.file_info.var.language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.var.language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.language\"}}},{\"name\":\"scan.pe.file_info.var.language.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.language\"}}},{\"name\":\"scan.pe.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.flags\"}}},{\"name\":\"scan.pe.flags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.flags\"}}},{\"name\":\"scan.pe.header.address.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.data\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.entry_point\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.alignment.file\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.alignment.section\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.characteristics.dll\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.characteristics.dll.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.dll\"}}},{\"name\":\"scan.pe.header.characteristics.dll.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.dll\"}}},{\"name\":\"scan.pe.header.characteristics.image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.characteristics.image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.image\"}}},{\"name\":\"scan.pe.header.characteristics.image.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.image\"}}},{\"name\":\"scan.pe.header.checksum\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.machine.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.machine.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.machine.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.machine.type\"}}},{\"name\":\"scan.pe.header.machine.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.machine.type\"}}},{\"name\":\"scan.pe.header.magic.dos\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.magic.dos.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.dos\"}}},{\"name\":\"scan.pe.header.magic.dos.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.dos\"}}},{\"name\":\"scan.pe.header.magic.image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.magic.image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.image\"}}},{\"name\":\"scan.pe.header.magic.image.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.image\"}}},{\"name\":\"scan.pe.header.size.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.data.initialized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.data.uninitialized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.headers\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.heap.commit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.heap.reserve\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.stack.commit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.stack.reserve\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.subsystem\"}}},{\"name\":\"scan.pe.header.subsystem.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.subsystem\"}}},{\"name\":\"scan.pe.header.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.linker\",\"type\":\"number\",\"esTypes\":[\"float\",\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.operating_system\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.subsystem\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.imphash\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.imphash.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.imphash\"}}},{\"name\":\"scan.pe.imphash.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.imphash\"}}},{\"name\":\"scan.pe.resources.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.resources.language.primary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.language.primary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.primary\"}}},{\"name\":\"scan.pe.resources.language.primary.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.primary\"}}},{\"name\":\"scan.pe.resources.language.sub\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.language.sub.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.sub\"}}},{\"name\":\"scan.pe.resources.language.sub.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.sub\"}}},{\"name\":\"scan.pe.resources.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.name\"}}},{\"name\":\"scan.pe.resources.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.name\"}}},{\"name\":\"scan.pe.resources.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.type\"}}},{\"name\":\"scan.pe.resources.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.type\"}}},{\"name\":\"scan.pe.sections.address.physical\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.address.virtual\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.characteristics\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.sections.characteristics.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.characteristics\"}}},{\"name\":\"scan.pe.sections.characteristics.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.characteristics\"}}},{\"name\":\"scan.pe.sections.entropy\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.sections.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.name\"}}},{\"name\":\"scan.pe.sections.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.name\"}}},{\"name\":\"scan.pe.sections.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.symbols.exported\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.exported.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.exported\"}}},{\"name\":\"scan.pe.symbols.exported.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.exported\"}}},{\"name\":\"scan.pe.symbols.imported\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.imported.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.imported\"}}},{\"name\":\"scan.pe.symbols.imported.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.imported\"}}},{\"name\":\"scan.pe.symbols.libraries\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.libraries.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.libraries\"}}},{\"name\":\"scan.pe.symbols.libraries.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.libraries\"}}},{\"name\":\"scan.pe.symbols.table.address\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.symbols.table.library\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.library.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.library\"}}},{\"name\":\"scan.pe.symbols.table.library.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.library\"}}},{\"name\":\"scan.pe.symbols.table.symbol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.symbol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbol\"}}},{\"name\":\"scan.pe.symbols.table.symbol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbol\"}}},{\"name\":\"scan.pe.symbols.table.symbols\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.symbols.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbols\"}}},{\"name\":\"scan.pe.symbols.table.symbols.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbols\"}}},{\"name\":\"scan.pe.symbols.table.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.type\"}}},{\"name\":\"scan.pe.symbols.table.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.type\"}}},{\"name\":\"scan.pe.total.libraries\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.resources\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.sections\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.symbols\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.total.certificates\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.upx.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.url.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.url.urls\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.url.urls.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.url.urls\"}}},{\"name\":\"scan.url.urls.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.url.urls\"}}},{\"name\":\"scan.vb.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vb.functions\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.functions.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.functions\"}}},{\"name\":\"scan.vb.functions.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.functions\"}}},{\"name\":\"scan.vb.names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.names\"}}},{\"name\":\"scan.vb.names.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.names\"}}},{\"name\":\"scan.vb.operators\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.operators.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.operators\"}}},{\"name\":\"scan.vb.operators.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.operators\"}}},{\"name\":\"scan.vb.strings\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.strings.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.strings\"}}},{\"name\":\"scan.vb.strings.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.strings\"}}},{\"name\":\"scan.vb.tokens\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.tokens.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.tokens\"}}},{\"name\":\"scan.vb.tokens.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vb.tokens\"}}},{\"name\":\"scan.vba.auto_exec\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.auto_exec.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.auto_exec\"}}},{\"name\":\"scan.vba.auto_exec.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.auto_exec\"}}},{\"name\":\"scan.vba.base64\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.base64.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.base64\"}}},{\"name\":\"scan.vba.base64.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.base64\"}}},{\"name\":\"scan.vba.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vba.ioc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.ioc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.ioc\"}}},{\"name\":\"scan.vba.ioc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.ioc\"}}},{\"name\":\"scan.vba.suspicious\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.suspicious.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.suspicious\"}}},{\"name\":\"scan.vba.suspicious.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.vba.suspicious\"}}},{\"name\":\"scan.vba.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vba.total.files\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.expired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.fingerprint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.fingerprint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.fingerprint\"}}},{\"name\":\"scan.x509.fingerprint.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.fingerprint\"}}},{\"name\":\"scan.x509.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.issuer\"}}},{\"name\":\"scan.x509.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.issuer\"}}},{\"name\":\"scan.x509.not_after\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.not_before\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.serial_number\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.serial_number.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.serial_number\"}}},{\"name\":\"scan.x509.serial_number.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.serial_number\"}}},{\"name\":\"scan.x509.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.subject\"}}},{\"name\":\"scan.x509.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.x509.subject\"}}},{\"name\":\"scan.x509.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.namespaces\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.namespaces.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.namespaces\"}}},{\"name\":\"scan.xml.namespaces.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.xml.namespaces\"}}},{\"name\":\"scan.xml.tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.tags\"}}},{\"name\":\"scan.xml.tags.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.xml.tags\"}}},{\"name\":\"scan.xml.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.total.tags\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.version\"}}},{\"name\":\"scan.xml.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.xml.version\"}}},{\"name\":\"scan.yara.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.yara.matches\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.matches.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.matches\"}}},{\"name\":\"scan.yara.matches.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"scan.yara.matches\"}}},{\"name\":\"server.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.address\"}}},{\"name\":\"server.address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"server.address\"}}},{\"name\":\"server.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.port\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.reply_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.reply_message\"}}},{\"name\":\"server.reply_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"server.reply_message\"}}},{\"name\":\"server.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.status_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.status_message\"}}},{\"name\":\"server.status_message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"server.status_message\"}}},{\"name\":\"sip.call_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.call_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.call_id\"}}},{\"name\":\"sip.call_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.call_id\"}}},{\"name\":\"sip.content_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.content_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.content_type\"}}},{\"name\":\"sip.content_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.content_type\"}}},{\"name\":\"sip.date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.date\"}}},{\"name\":\"sip.date.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.date\"}}},{\"name\":\"sip.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.method\"}}},{\"name\":\"sip.method.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.method\"}}},{\"name\":\"sip.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.request.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.from\"}}},{\"name\":\"sip.request.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.request.from\"}}},{\"name\":\"sip.request.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.path\"}}},{\"name\":\"sip.request.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.request.path\"}}},{\"name\":\"sip.request.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.to\"}}},{\"name\":\"sip.request.to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.request.to\"}}},{\"name\":\"sip.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.response.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.from\"}}},{\"name\":\"sip.response.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.response.from\"}}},{\"name\":\"sip.response.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.path\"}}},{\"name\":\"sip.response.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.response.path\"}}},{\"name\":\"sip.response.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.to\"}}},{\"name\":\"sip.response.to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.response.to\"}}},{\"name\":\"sip.seq\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.seq.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.seq\"}}},{\"name\":\"sip.seq.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.seq\"}}},{\"name\":\"sip.transaction.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.uri\"}}},{\"name\":\"sip.uri.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.uri\"}}},{\"name\":\"sip.warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.warning\"}}},{\"name\":\"sip.warning.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"sip.warning\"}}},{\"name\":\"smb.file_system\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.file_system.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.file_system\"}}},{\"name\":\"smb.file_system.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.file_system\"}}},{\"name\":\"smb.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.path\"}}},{\"name\":\"smb.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.path\"}}},{\"name\":\"smb.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.service\"}}},{\"name\":\"smb.service.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.service\"}}},{\"name\":\"smb.share_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.share_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.share_type\"}}},{\"name\":\"smb.share_type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smb.share_type\"}}},{\"name\":\"smtp.cc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.cc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.cc\"}}},{\"name\":\"smtp.cc.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.cc\"}}},{\"name\":\"smtp.first_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.first_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.first_received\"}}},{\"name\":\"smtp.first_received.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.first_received\"}}},{\"name\":\"smtp.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.from\"}}},{\"name\":\"smtp.from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.from\"}}},{\"name\":\"smtp.helo\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.helo.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.helo\"}}},{\"name\":\"smtp.helo.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.helo\"}}},{\"name\":\"smtp.in_reply_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.in_reply_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.in_reply_to\"}}},{\"name\":\"smtp.in_reply_to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.in_reply_to\"}}},{\"name\":\"smtp.is_webmail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.last_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.last_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.last_reply\"}}},{\"name\":\"smtp.last_reply.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.last_reply\"}}},{\"name\":\"smtp.mail_date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_date\"}}},{\"name\":\"smtp.mail_date.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_date\"}}},{\"name\":\"smtp.mail_from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_from\"}}},{\"name\":\"smtp.mail_from.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_from\"}}},{\"name\":\"smtp.message_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.message_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.message_id\"}}},{\"name\":\"smtp.message_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.message_id\"}}},{\"name\":\"smtp.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.path\"}}},{\"name\":\"smtp.path.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.path\"}}},{\"name\":\"smtp.recipient_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.recipient_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.recipient_to\"}}},{\"name\":\"smtp.recipient_to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.recipient_to\"}}},{\"name\":\"smtp.second_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.second_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.second_received\"}}},{\"name\":\"smtp.second_received.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.second_received\"}}},{\"name\":\"smtp.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.subject\"}}},{\"name\":\"smtp.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.subject\"}}},{\"name\":\"smtp.tls\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.to\"}}},{\"name\":\"smtp.to.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.to\"}}},{\"name\":\"smtp.transaction_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.useragent\"}}},{\"name\":\"smtp.useragent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"smtp.useragent\"}}},{\"name\":\"snmp.community\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.community.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.community\"}}},{\"name\":\"snmp.community.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.community\"}}},{\"name\":\"snmp.display_string\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.display_string.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.display_string\"}}},{\"name\":\"snmp.display_string.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.display_string\"}}},{\"name\":\"snmp.get.bulk_requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.get.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.get.responses\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.set.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.up_since\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.up_since.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.up_since\"}}},{\"name\":\"snmp.up_since.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.up_since\"}}},{\"name\":\"snmp.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.version\"}}},{\"name\":\"snmp.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"snmp.version\"}}},{\"name\":\"socks.bound.host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.bound.host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.bound.host\"}}},{\"name\":\"socks.bound.host.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.bound.host\"}}},{\"name\":\"socks.bound.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.request.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.request.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.request.name\"}}},{\"name\":\"socks.request.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.request.name\"}}},{\"name\":\"socks.request.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.status\"}}},{\"name\":\"socks.status.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.status\"}}},{\"name\":\"socks.user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.user\"}}},{\"name\":\"socks.user.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"socks.user\"}}},{\"name\":\"socks.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.name\"}}},{\"name\":\"software.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.name\"}}},{\"name\":\"software.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.type\"}}},{\"name\":\"software.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.type\"}}},{\"name\":\"software.version.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.additional_info\"}}},{\"name\":\"software.version.additional_info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.version.additional_info\"}}},{\"name\":\"software.version.major\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor2\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.unparsed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.unparsed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.unparsed\"}}},{\"name\":\"software.version.unparsed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"software.version.unparsed\"}}},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.city_name\"}}},{\"name\":\"source.geo.city_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.city_name\"}}},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.continent_name\"}}},{\"name\":\"source.geo.continent_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.continent_name\"}}},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_iso_code\"}}},{\"name\":\"source.geo.country_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_iso_code\"}}},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_name\"}}},{\"name\":\"source.geo.country_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_name\"}}},{\"name\":\"source.geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_iso_code\"}}},{\"name\":\"source.geo.region_iso_code.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_iso_code\"}}},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_name\"}}},{\"name\":\"source.geo.region_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_name\"}}},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.timezone\"}}},{\"name\":\"source.geo.timezone.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.geo.timezone\"}}},{\"name\":\"source.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.hostname\"}}},{\"name\":\"source.hostname.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"source.hostname\"}}},{\"name\":\"source.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.attempts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.cipher_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.cipher_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.cipher_algorithm\"}}},{\"name\":\"ssh.cipher_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.cipher_algorithm\"}}},{\"name\":\"ssh.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client\"}}},{\"name\":\"ssh.client.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.client\"}}},{\"name\":\"ssh.client_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client_host_key_algorithms\"}}},{\"name\":\"ssh.client_host_key_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.client_host_key_algorithms\"}}},{\"name\":\"ssh.compression_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.compression_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.compression_algorithm\"}}},{\"name\":\"ssh.compression_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.compression_algorithm\"}}},{\"name\":\"ssh.direction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.direction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.direction\"}}},{\"name\":\"ssh.direction.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.direction\"}}},{\"name\":\"ssh.hassh_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_algorithms\"}}},{\"name\":\"ssh.hassh_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_algorithms\"}}},{\"name\":\"ssh.hassh_server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server\"}}},{\"name\":\"ssh.hassh_server.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server\"}}},{\"name\":\"ssh.hassh_server_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server_algorithms\"}}},{\"name\":\"ssh.hassh_server_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server_algorithms\"}}},{\"name\":\"ssh.hassh_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_version\"}}},{\"name\":\"ssh.hassh_version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_version\"}}},{\"name\":\"ssh.host_key\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key\"}}},{\"name\":\"ssh.host_key.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key\"}}},{\"name\":\"ssh.host_key_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key_algorithm\"}}},{\"name\":\"ssh.host_key_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key_algorithm\"}}},{\"name\":\"ssh.kex_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.kex_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.kex_algorithm\"}}},{\"name\":\"ssh.kex_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.kex_algorithm\"}}},{\"name\":\"ssh.mac_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.mac_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.mac_algorithm\"}}},{\"name\":\"ssh.mac_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.mac_algorithm\"}}},{\"name\":\"ssh.server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server\"}}},{\"name\":\"ssh.server.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.server\"}}},{\"name\":\"ssh.server_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server_host_key_algorithms\"}}},{\"name\":\"ssh.server_host_key_algorithms.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssh.server_host_key_algorithms\"}}},{\"name\":\"ssh.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.chain_fuids\"}}},{\"name\":\"ssl.certificate.chain_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.chain_fuids\"}}},{\"name\":\"ssl.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.issuer\"}}},{\"name\":\"ssl.certificate.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.issuer\"}}},{\"name\":\"ssl.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.subject\"}}},{\"name\":\"ssl.certificate.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.subject\"}}},{\"name\":\"ssl.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.cipher\"}}},{\"name\":\"ssl.cipher.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.cipher\"}}},{\"name\":\"ssl.client.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.certificate.chain_fuids\"}}},{\"name\":\"ssl.client.certificate.chain_fuids.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.client.certificate.chain_fuids\"}}},{\"name\":\"ssl.client.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.issuer\"}}},{\"name\":\"ssl.client.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.client.issuer\"}}},{\"name\":\"ssl.client.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.subject\"}}},{\"name\":\"ssl.client.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.client.subject\"}}},{\"name\":\"ssl.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.curve\"}}},{\"name\":\"ssl.curve.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.curve\"}}},{\"name\":\"ssl.established\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.last_alert\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.last_alert.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.last_alert\"}}},{\"name\":\"ssl.last_alert.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.last_alert\"}}},{\"name\":\"ssl.next_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.next_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.next_protocol\"}}},{\"name\":\"ssl.next_protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.next_protocol\"}}},{\"name\":\"ssl.resumed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.server_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.server_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.server_name\"}}},{\"name\":\"ssl.server_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.server_name\"}}},{\"name\":\"ssl.validation_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.validation_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.validation_status\"}}},{\"name\":\"ssl.validation_status.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.validation_status\"}}},{\"name\":\"ssl.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.version\"}}},{\"name\":\"ssl.version.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"ssl.version\"}}},{\"name\":\"syslog.facility_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.facility_label.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.facility_label\"}}},{\"name\":\"syslog.facility_label.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"syslog.facility_label\"}}},{\"name\":\"syslog.severity_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.severity_label\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.severity_label\"}}},{\"name\":\"syslog.severity_label.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"syslog.severity_label\"}}},{\"name\":\"tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tags\"}}},{\"name\":\"tunnel.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tunnel.type\"}}},{\"name\":\"tunnel.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"tunnel.type\"}}},{\"name\":\"user.escalated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.escalated.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.escalated\"}}},{\"name\":\"user.escalated.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"user.escalated\"}}},{\"name\":\"user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"name\":\"user.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"name\":\"version.minor3\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.additional_info\"}}},{\"name\":\"weird.additional_info.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"weird.additional_info\"}}},{\"name\":\"weird.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.name\"}}},{\"name\":\"weird.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"weird.name\"}}},{\"name\":\"weird.notice\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.peer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.peer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.peer\"}}},{\"name\":\"weird.peer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"weird.peer\"}}},{\"name\":\"winlog.activity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.activity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.activity_id\"}}},{\"name\":\"winlog.activity_id.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.activity_id\"}}},{\"name\":\"winlog.api\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.api.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.api\"}}},{\"name\":\"winlog.api.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.api\"}}},{\"name\":\"winlog.channel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.channel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.channel\"}}},{\"name\":\"winlog.channel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.channel\"}}},{\"name\":\"winlog.computer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.computer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.computer\"}}},{\"name\":\"winlog.computer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.computer\"}}},{\"name\":\"winlog.computer_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.computer_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.computer_name\"}}},{\"name\":\"winlog.computer_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.computer_name\"}}},{\"name\":\"winlog.eventRecordID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.eventRecordID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.eventRecordID\"}}},{\"name\":\"winlog.eventRecordID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.eventRecordID\"}}},{\"name\":\"winlog.eventSourceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.eventSourceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.eventSourceName\"}}},{\"name\":\"winlog.eventSourceName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.eventSourceName\"}}},{\"name\":\"winlog.event_data.AccessList\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.AccessList.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessList\"}}},{\"name\":\"winlog.event_data.AccessList.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessList\"}}},{\"name\":\"winlog.event_data.AccessMask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.AccessMask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessMask\"}}},{\"name\":\"winlog.event_data.AccessMask.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AccessMask\"}}},{\"name\":\"winlog.event_data.Address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Address\"}}},{\"name\":\"winlog.event_data.Address.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Address\"}}},{\"name\":\"winlog.event_data.AddressLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.AddressLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AddressLength\"}}},{\"name\":\"winlog.event_data.AddressLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AddressLength\"}}},{\"name\":\"winlog.event_data.Binary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Binary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Binary\"}}},{\"name\":\"winlog.event_data.Binary.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Binary\"}}},{\"name\":\"winlog.event_data.CreationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.CreationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.CreationUtcTime\"}}},{\"name\":\"winlog.event_data.CreationUtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.CreationUtcTime\"}}},{\"name\":\"winlog.event_data.DeviceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceName\"}}},{\"name\":\"winlog.event_data.DeviceName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceName\"}}},{\"name\":\"winlog.event_data.DeviceNameLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceNameLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceNameLength\"}}},{\"name\":\"winlog.event_data.DeviceNameLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceNameLength\"}}},{\"name\":\"winlog.event_data.DeviceTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceTime\"}}},{\"name\":\"winlog.event_data.DeviceTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceTime\"}}},{\"name\":\"winlog.event_data.DeviceVersionMajor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceVersionMajor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMajor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMajor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMajor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMinor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceVersionMinor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMinor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMinor.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMinor\"}}},{\"name\":\"winlog.event_data.DirtyPages\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DirtyPages.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DirtyPages\"}}},{\"name\":\"winlog.event_data.DirtyPages.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DirtyPages\"}}},{\"name\":\"winlog.event_data.FileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.FileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FileName\"}}},{\"name\":\"winlog.event_data.FileName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FileName\"}}},{\"name\":\"winlog.event_data.FinalStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.FinalStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FinalStatus\"}}},{\"name\":\"winlog.event_data.FinalStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FinalStatus\"}}},{\"name\":\"winlog.event_data.HandleId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.HandleId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HandleId\"}}},{\"name\":\"winlog.event_data.HandleId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HandleId\"}}},{\"name\":\"winlog.event_data.Hashes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Hashes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Hashes\"}}},{\"name\":\"winlog.event_data.Hashes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Hashes\"}}},{\"name\":\"winlog.event_data.HiveName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.HiveName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveName\"}}},{\"name\":\"winlog.event_data.HiveName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveName\"}}},{\"name\":\"winlog.event_data.HiveNameLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.HiveNameLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveNameLength\"}}},{\"name\":\"winlog.event_data.HiveNameLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.HiveNameLength\"}}},{\"name\":\"winlog.event_data.ImageLoaded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ImageLoaded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ImageLoaded\"}}},{\"name\":\"winlog.event_data.ImageLoaded.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ImageLoaded\"}}},{\"name\":\"winlog.event_data.IntegrityLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.IntegrityLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.IntegrityLevel\"}}},{\"name\":\"winlog.event_data.IntegrityLevel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.IntegrityLevel\"}}},{\"name\":\"winlog.event_data.KeysUpdated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.KeysUpdated.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.KeysUpdated\"}}},{\"name\":\"winlog.event_data.KeysUpdated.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.KeysUpdated\"}}},{\"name\":\"winlog.event_data.LinkName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LinkName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LinkName\"}}},{\"name\":\"winlog.event_data.LinkName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LinkName\"}}},{\"name\":\"winlog.event_data.LogonGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LogonGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonGuid\"}}},{\"name\":\"winlog.event_data.LogonGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonGuid\"}}},{\"name\":\"winlog.event_data.LogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonId\"}}},{\"name\":\"winlog.event_data.LogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonId\"}}},{\"name\":\"winlog.event_data.NewSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewSize\"}}},{\"name\":\"winlog.event_data.NewSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewSize\"}}},{\"name\":\"winlog.event_data.NewState\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewState.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewState\"}}},{\"name\":\"winlog.event_data.NewState.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewState\"}}},{\"name\":\"winlog.event_data.NewTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewTime\"}}},{\"name\":\"winlog.event_data.NewTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewTime\"}}},{\"name\":\"winlog.event_data.ObjectName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ObjectName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectName\"}}},{\"name\":\"winlog.event_data.ObjectName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectName\"}}},{\"name\":\"winlog.event_data.ObjectServer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ObjectServer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectServer\"}}},{\"name\":\"winlog.event_data.ObjectServer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectServer\"}}},{\"name\":\"winlog.event_data.ObjectType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ObjectType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectType\"}}},{\"name\":\"winlog.event_data.ObjectType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ObjectType\"}}},{\"name\":\"winlog.event_data.OldTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.OldTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OldTime\"}}},{\"name\":\"winlog.event_data.OldTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OldTime\"}}},{\"name\":\"winlog.event_data.OriginalSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.OriginalSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OriginalSize\"}}},{\"name\":\"winlog.event_data.OriginalSize.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OriginalSize\"}}},{\"name\":\"winlog.event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.PreviousCreationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousCreationUtcTime\"}}},{\"name\":\"winlog.event_data.PreviousCreationUtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousCreationUtcTime\"}}},{\"name\":\"winlog.event_data.PreviousTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.PreviousTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousTime\"}}},{\"name\":\"winlog.event_data.PreviousTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousTime\"}}},{\"name\":\"winlog.event_data.ProcessID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessID\"}}},{\"name\":\"winlog.event_data.ProcessID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessID\"}}},{\"name\":\"winlog.event_data.ProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessId\"}}},{\"name\":\"winlog.event_data.ProcessId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessId\"}}},{\"name\":\"winlog.event_data.ProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessName\"}}},{\"name\":\"winlog.event_data.ProcessName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessName\"}}},{\"name\":\"winlog.event_data.QueryName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryName\"}}},{\"name\":\"winlog.event_data.QueryName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryName\"}}},{\"name\":\"winlog.event_data.QueryResults\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryResults.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryResults\"}}},{\"name\":\"winlog.event_data.QueryResults.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryResults\"}}},{\"name\":\"winlog.event_data.QueryStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryStatus\"}}},{\"name\":\"winlog.event_data.QueryStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryStatus\"}}},{\"name\":\"winlog.event_data.Reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Reason\"}}},{\"name\":\"winlog.event_data.Reason.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Reason\"}}},{\"name\":\"winlog.event_data.ResourceAttributes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ResourceAttributes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceAttributes\"}}},{\"name\":\"winlog.event_data.ResourceAttributes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceAttributes\"}}},{\"name\":\"winlog.event_data.ResourceManager\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ResourceManager.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceManager\"}}},{\"name\":\"winlog.event_data.ResourceManager.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ResourceManager\"}}},{\"name\":\"winlog.event_data.RuleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.RuleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RuleName\"}}},{\"name\":\"winlog.event_data.RuleName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RuleName\"}}},{\"name\":\"winlog.event_data.Signature\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Signature.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signature\"}}},{\"name\":\"winlog.event_data.Signature.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signature\"}}},{\"name\":\"winlog.event_data.SignatureStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SignatureStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SignatureStatus\"}}},{\"name\":\"winlog.event_data.SignatureStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SignatureStatus\"}}},{\"name\":\"winlog.event_data.Signed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Signed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signed\"}}},{\"name\":\"winlog.event_data.Signed.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signed\"}}},{\"name\":\"winlog.event_data.SubjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectDomainName\"}}},{\"name\":\"winlog.event_data.SubjectDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectDomainName\"}}},{\"name\":\"winlog.event_data.SubjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectLogonId\"}}},{\"name\":\"winlog.event_data.SubjectLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectLogonId\"}}},{\"name\":\"winlog.event_data.SubjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectUserSid\"}}},{\"name\":\"winlog.event_data.SubjectUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectUserSid\"}}},{\"name\":\"winlog.event_data.TerminalSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TerminalSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TerminalSessionId\"}}},{\"name\":\"winlog.event_data.TerminalSessionId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TerminalSessionId\"}}},{\"name\":\"winlog.event_data.TransactionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TransactionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TransactionId\"}}},{\"name\":\"winlog.event_data.TransactionId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TransactionId\"}}},{\"name\":\"winlog.event_data.UtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.UtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.UtcTime\"}}},{\"name\":\"winlog.event_data.UtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.UtcTime\"}}},{\"name\":\"winlog.event_data.authenticationPackageName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.authenticationPackageName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.authenticationPackageName\"}}},{\"name\":\"winlog.event_data.authenticationPackageName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.authenticationPackageName\"}}},{\"name\":\"winlog.event_data.callerProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.callerProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessId\"}}},{\"name\":\"winlog.event_data.callerProcessId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessId\"}}},{\"name\":\"winlog.event_data.callerProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.callerProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessName\"}}},{\"name\":\"winlog.event_data.callerProcessName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.callerProcessName\"}}},{\"name\":\"winlog.event_data.clientProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.clientProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.clientProcessId\"}}},{\"name\":\"winlog.event_data.clientProcessId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.clientProcessId\"}}},{\"name\":\"winlog.event_data.countOfCredentialsReturned\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.countOfCredentialsReturned.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.countOfCredentialsReturned\"}}},{\"name\":\"winlog.event_data.countOfCredentialsReturned.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.countOfCredentialsReturned\"}}},{\"name\":\"winlog.event_data.creationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.creationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.creationUtcTime\"}}},{\"name\":\"winlog.event_data.creationUtcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.creationUtcTime\"}}},{\"name\":\"winlog.event_data.data\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.data.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.data\"}}},{\"name\":\"winlog.event_data.data.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.data\"}}},{\"name\":\"winlog.event_data.destinationIsIpv6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.destinationIsIpv6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationIsIpv6\"}}},{\"name\":\"winlog.event_data.destinationIsIpv6.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationIsIpv6\"}}},{\"name\":\"winlog.event_data.destinationPortName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.destinationPortName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationPortName\"}}},{\"name\":\"winlog.event_data.destinationPortName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.destinationPortName\"}}},{\"name\":\"winlog.event_data.details\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.details.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.details\"}}},{\"name\":\"winlog.event_data.details.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.details\"}}},{\"name\":\"winlog.event_data.elevatedToken\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.elevatedToken.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.elevatedToken\"}}},{\"name\":\"winlog.event_data.elevatedToken.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.elevatedToken\"}}},{\"name\":\"winlog.event_data.errorCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.errorCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.errorCode\"}}},{\"name\":\"winlog.event_data.errorCode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.errorCode\"}}},{\"name\":\"winlog.event_data.eventType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.eventType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.eventType\"}}},{\"name\":\"winlog.event_data.eventType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.eventType\"}}},{\"name\":\"winlog.event_data.hashes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.hashes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.hashes\"}}},{\"name\":\"winlog.event_data.hashes.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.hashes\"}}},{\"name\":\"winlog.event_data.imagePath\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.imagePath.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.imagePath\"}}},{\"name\":\"winlog.event_data.imagePath.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.imagePath\"}}},{\"name\":\"winlog.event_data.impersonationLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.impersonationLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.impersonationLevel\"}}},{\"name\":\"winlog.event_data.impersonationLevel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.impersonationLevel\"}}},{\"name\":\"winlog.event_data.initiated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.initiated.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.initiated\"}}},{\"name\":\"winlog.event_data.initiated.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.initiated\"}}},{\"name\":\"winlog.event_data.integrityLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.integrityLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.integrityLevel\"}}},{\"name\":\"winlog.event_data.integrityLevel.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.integrityLevel\"}}},{\"name\":\"winlog.event_data.keyLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.keyLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.keyLength\"}}},{\"name\":\"winlog.event_data.keyLength.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.keyLength\"}}},{\"name\":\"winlog.event_data.logonGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonGuid\"}}},{\"name\":\"winlog.event_data.logonGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonGuid\"}}},{\"name\":\"winlog.event_data.logonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonId\"}}},{\"name\":\"winlog.event_data.logonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonId\"}}},{\"name\":\"winlog.event_data.logonProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonProcessName\"}}},{\"name\":\"winlog.event_data.logonProcessName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonProcessName\"}}},{\"name\":\"winlog.event_data.logonType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.logonType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonType\"}}},{\"name\":\"winlog.event_data.logonType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.logonType\"}}},{\"name\":\"winlog.event_data.param1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param1\"}}},{\"name\":\"winlog.event_data.param1.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param1\"}}},{\"name\":\"winlog.event_data.param10\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param10.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param10\"}}},{\"name\":\"winlog.event_data.param10.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param10\"}}},{\"name\":\"winlog.event_data.param11\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param11.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param11\"}}},{\"name\":\"winlog.event_data.param11.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param11\"}}},{\"name\":\"winlog.event_data.param16\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param16.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param16\"}}},{\"name\":\"winlog.event_data.param16.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param16\"}}},{\"name\":\"winlog.event_data.param19\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param19.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param19\"}}},{\"name\":\"winlog.event_data.param19.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param19\"}}},{\"name\":\"winlog.event_data.param2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param2\"}}},{\"name\":\"winlog.event_data.param2.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param2\"}}},{\"name\":\"winlog.event_data.param20\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param20.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param20\"}}},{\"name\":\"winlog.event_data.param20.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param20\"}}},{\"name\":\"winlog.event_data.param21\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param21.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param21\"}}},{\"name\":\"winlog.event_data.param21.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param21\"}}},{\"name\":\"winlog.event_data.param22\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param22.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param22\"}}},{\"name\":\"winlog.event_data.param22.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param22\"}}},{\"name\":\"winlog.event_data.param23\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param23.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param23\"}}},{\"name\":\"winlog.event_data.param23.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param23\"}}},{\"name\":\"winlog.event_data.param3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param3\"}}},{\"name\":\"winlog.event_data.param3.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param3\"}}},{\"name\":\"winlog.event_data.param4\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param4.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param4\"}}},{\"name\":\"winlog.event_data.param4.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param4\"}}},{\"name\":\"winlog.event_data.param5\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param5\"}}},{\"name\":\"winlog.event_data.param5.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param5\"}}},{\"name\":\"winlog.event_data.param6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param6\"}}},{\"name\":\"winlog.event_data.param6.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param6\"}}},{\"name\":\"winlog.event_data.param7\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param7.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param7\"}}},{\"name\":\"winlog.event_data.param7.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param7\"}}},{\"name\":\"winlog.event_data.param8\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param8.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param8\"}}},{\"name\":\"winlog.event_data.param8.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param8\"}}},{\"name\":\"winlog.event_data.param9\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param9.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param9\"}}},{\"name\":\"winlog.event_data.param9.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param9\"}}},{\"name\":\"winlog.event_data.privilegeList\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.privilegeList.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.privilegeList\"}}},{\"name\":\"winlog.event_data.privilegeList.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.privilegeList\"}}},{\"name\":\"winlog.event_data.processCreationTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.processCreationTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processCreationTime\"}}},{\"name\":\"winlog.event_data.processCreationTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processCreationTime\"}}},{\"name\":\"winlog.event_data.processId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.processId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processId\"}}},{\"name\":\"winlog.event_data.processId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processId\"}}},{\"name\":\"winlog.event_data.processName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.processName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processName\"}}},{\"name\":\"winlog.event_data.processName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.processName\"}}},{\"name\":\"winlog.event_data.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.protocol\"}}},{\"name\":\"winlog.event_data.protocol.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.protocol\"}}},{\"name\":\"winlog.event_data.queryName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.queryName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryName\"}}},{\"name\":\"winlog.event_data.queryName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryName\"}}},{\"name\":\"winlog.event_data.queryResults\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.queryResults.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryResults\"}}},{\"name\":\"winlog.event_data.queryResults.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryResults\"}}},{\"name\":\"winlog.event_data.queryStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.queryStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryStatus\"}}},{\"name\":\"winlog.event_data.queryStatus.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.queryStatus\"}}},{\"name\":\"winlog.event_data.readOperation\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.readOperation.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.readOperation\"}}},{\"name\":\"winlog.event_data.readOperation.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.readOperation\"}}},{\"name\":\"winlog.event_data.returnCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.returnCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.returnCode\"}}},{\"name\":\"winlog.event_data.returnCode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.returnCode\"}}},{\"name\":\"winlog.event_data.ruleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ruleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ruleName\"}}},{\"name\":\"winlog.event_data.ruleName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ruleName\"}}},{\"name\":\"winlog.event_data.serviceGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceGuid\"}}},{\"name\":\"winlog.event_data.serviceGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceGuid\"}}},{\"name\":\"winlog.event_data.serviceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceName\"}}},{\"name\":\"winlog.event_data.serviceName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceName\"}}},{\"name\":\"winlog.event_data.serviceType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceType\"}}},{\"name\":\"winlog.event_data.serviceType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceType\"}}},{\"name\":\"winlog.event_data.sourceIsIpv6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.sourceIsIpv6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.sourceIsIpv6\"}}},{\"name\":\"winlog.event_data.sourceIsIpv6.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.sourceIsIpv6\"}}},{\"name\":\"winlog.event_data.startType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.startType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.startType\"}}},{\"name\":\"winlog.event_data.startType.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.startType\"}}},{\"name\":\"winlog.event_data.subjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectDomainName\"}}},{\"name\":\"winlog.event_data.subjectDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectDomainName\"}}},{\"name\":\"winlog.event_data.subjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectLogonId\"}}},{\"name\":\"winlog.event_data.subjectLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectLogonId\"}}},{\"name\":\"winlog.event_data.subjectUserName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectUserName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserName\"}}},{\"name\":\"winlog.event_data.subjectUserName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserName\"}}},{\"name\":\"winlog.event_data.subjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.subjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserSid\"}}},{\"name\":\"winlog.event_data.subjectUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.subjectUserSid\"}}},{\"name\":\"winlog.event_data.targetDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetDomainName\"}}},{\"name\":\"winlog.event_data.targetDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetDomainName\"}}},{\"name\":\"winlog.event_data.targetLinkedLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetLinkedLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLinkedLogonId\"}}},{\"name\":\"winlog.event_data.targetLinkedLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLinkedLogonId\"}}},{\"name\":\"winlog.event_data.targetLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLogonId\"}}},{\"name\":\"winlog.event_data.targetLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetLogonId\"}}},{\"name\":\"winlog.event_data.targetName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetName\"}}},{\"name\":\"winlog.event_data.targetName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetName\"}}},{\"name\":\"winlog.event_data.targetObject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetObject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetObject\"}}},{\"name\":\"winlog.event_data.targetObject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetObject\"}}},{\"name\":\"winlog.event_data.targetSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetSid\"}}},{\"name\":\"winlog.event_data.targetSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetSid\"}}},{\"name\":\"winlog.event_data.targetUserName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetUserName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserName\"}}},{\"name\":\"winlog.event_data.targetUserName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserName\"}}},{\"name\":\"winlog.event_data.targetUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.targetUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserSid\"}}},{\"name\":\"winlog.event_data.targetUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.targetUserSid\"}}},{\"name\":\"winlog.event_data.terminalSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.terminalSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.terminalSessionId\"}}},{\"name\":\"winlog.event_data.terminalSessionId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.terminalSessionId\"}}},{\"name\":\"winlog.event_data.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.type\"}}},{\"name\":\"winlog.event_data.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.type\"}}},{\"name\":\"winlog.event_data.updateGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateGuid\"}}},{\"name\":\"winlog.event_data.updateGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateGuid\"}}},{\"name\":\"winlog.event_data.updateRevisionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateRevisionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateRevisionNumber\"}}},{\"name\":\"winlog.event_data.updateRevisionNumber.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateRevisionNumber\"}}},{\"name\":\"winlog.event_data.updateTitle\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateTitle.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateTitle\"}}},{\"name\":\"winlog.event_data.updateTitle.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateTitle\"}}},{\"name\":\"winlog.event_data.utcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.utcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.utcTime\"}}},{\"name\":\"winlog.event_data.utcTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.utcTime\"}}},{\"name\":\"winlog.event_data.virtualAccount\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.virtualAccount.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.virtualAccount\"}}},{\"name\":\"winlog.event_data.virtualAccount.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.virtualAccount\"}}},{\"name\":\"winlog.event_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.keywords\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.keywords.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.keywords\"}}},{\"name\":\"winlog.keywords.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.keywords\"}}},{\"name\":\"winlog.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.level\"}}},{\"name\":\"winlog.level.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.level\"}}},{\"name\":\"winlog.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.message\"}}},{\"name\":\"winlog.message.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.message\"}}},{\"name\":\"winlog.opcode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.opcode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.opcode\"}}},{\"name\":\"winlog.opcode.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.opcode\"}}},{\"name\":\"winlog.process.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.process.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.processID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.processID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.processID\"}}},{\"name\":\"winlog.processID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.processID\"}}},{\"name\":\"winlog.providerGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.providerGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.providerGuid\"}}},{\"name\":\"winlog.providerGuid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.providerGuid\"}}},{\"name\":\"winlog.providerName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.providerName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.providerName\"}}},{\"name\":\"winlog.providerName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.providerName\"}}},{\"name\":\"winlog.provider_guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provider_guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_guid\"}}},{\"name\":\"winlog.provider_guid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_guid\"}}},{\"name\":\"winlog.provider_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provider_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_name\"}}},{\"name\":\"winlog.provider_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_name\"}}},{\"name\":\"winlog.record_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.severityValue\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.severityValue.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.severityValue\"}}},{\"name\":\"winlog.severityValue.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.severityValue\"}}},{\"name\":\"winlog.systemTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.systemTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.systemTime\"}}},{\"name\":\"winlog.systemTime.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.systemTime\"}}},{\"name\":\"winlog.task\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.task.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.task\"}}},{\"name\":\"winlog.task.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.task\"}}},{\"name\":\"winlog.threadID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.threadID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.threadID\"}}},{\"name\":\"winlog.threadID.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.threadID\"}}},{\"name\":\"winlog.user.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.domain\"}}},{\"name\":\"winlog.user.domain.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.domain\"}}},{\"name\":\"winlog.user.identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.identifier\"}}},{\"name\":\"winlog.user.identifier.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.identifier\"}}},{\"name\":\"winlog.user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.name\"}}},{\"name\":\"winlog.user.name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.name\"}}},{\"name\":\"winlog.user.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.type\"}}},{\"name\":\"winlog.user.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user.type\"}}},{\"name\":\"winlog.user_data.SubjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectDomainName\"}}},{\"name\":\"winlog.user_data.SubjectDomainName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectDomainName\"}}},{\"name\":\"winlog.user_data.SubjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectLogonId\"}}},{\"name\":\"winlog.user_data.SubjectLogonId.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectLogonId\"}}},{\"name\":\"winlog.user_data.SubjectUserName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectUserName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserName\"}}},{\"name\":\"winlog.user_data.SubjectUserName.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserName\"}}},{\"name\":\"winlog.user_data.SubjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.SubjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserSid\"}}},{\"name\":\"winlog.user_data.SubjectUserSid.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.SubjectUserSid\"}}},{\"name\":\"winlog.user_data.xml_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.xml_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.xml_name\"}}},{\"name\":\"winlog.user_data.xml_name.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.xml_name\"}}},{\"name\":\"winlog.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.basic_constraints.ca\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.curve\"}}},{\"name\":\"x509.certificate.curve.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.curve\"}}},{\"name\":\"x509.certificate.exponent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.exponent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.exponent\"}}},{\"name\":\"x509.certificate.exponent.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.exponent\"}}},{\"name\":\"x509.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.issuer\"}}},{\"name\":\"x509.certificate.issuer.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.issuer\"}}},{\"name\":\"x509.certificate.key.algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.algorithm\"}}},{\"name\":\"x509.certificate.key.algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.algorithm\"}}},{\"name\":\"x509.certificate.key.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.key.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.type\"}}},{\"name\":\"x509.certificate.key.type.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.type\"}}},{\"name\":\"x509.certificate.not_valid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_after\"}}},{\"name\":\"x509.certificate.not_valid_after.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_after\"}}},{\"name\":\"x509.certificate.not_valid_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_before\"}}},{\"name\":\"x509.certificate.not_valid_before.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_before\"}}},{\"name\":\"x509.certificate.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.serial\"}}},{\"name\":\"x509.certificate.serial.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.serial\"}}},{\"name\":\"x509.certificate.signing_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.signing_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.signing_algorithm\"}}},{\"name\":\"x509.certificate.signing_algorithm.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.signing_algorithm\"}}},{\"name\":\"x509.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.subject\"}}},{\"name\":\"x509.certificate.subject.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.subject\"}}},{\"name\":\"x509.certificate.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.san_dns\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.san_dns.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.san_dns\"}}},{\"name\":\"x509.san_dns.security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false,\"subType\":{\"multi\":{\"parent\":\"x509.san_dns\"}}}]", "timeFieldName": "@timestamp", "title": "*:so-*"}, "coreMigrationVersion": "7.16.2", "id": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29", "migrationVersion": {"index-pattern": "7.11.0"}, "references": [], "sort": [1643385898421, 12], "type": "index-pattern", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjY3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - All Logs", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - All Logs\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":29}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"}, "coreMigrationVersion": "7.16.2", "id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 14], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjY4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Logs Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Logs Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"}, "coreMigrationVersion": "7.16.2", "id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 16], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjY5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Source IPs", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 18], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjcwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Destination IPs", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 20], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjcxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SMTP - Sender", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SMTP - Sender\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "7a789740-75e7-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 22], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjcyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SMTP - Recipient", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SMTP - Recipient\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"To\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.to.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Recipient\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "a5742950-75e7-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 24], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjczLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SMTP - TLS", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - SMTP - TLS\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smtp.tls: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"smtp.tls\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TLS\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "e77a2b60-75e7-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 26], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjc0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SMTP - Subject", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SMTP - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smtp.subject.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "0713ebf0-75e8-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 28], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjc1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SMTP - User Agent", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.useragent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "4178ce00-75e8-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 30], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjc2LDE1XQ=="} +{"attributes": {"columns": ["source.ip", "source.port", "destination.ip", "destination.port", "log.id.uid", "network.community_id", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [], "title": "Security Onion - All Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 32], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjc3LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:smtp\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85\"},\"panelIndex\":\"a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"6fd30865-1d5d-4f8f-9173-77220bb23395\"},\"panelIndex\":\"6fd30865-1d5d-4f8f-9173-77220bb23395\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"1b0acf7a-2a47-4eb4-9cb2-34cd6c499472\"},\"panelIndex\":\"1b0acf7a-2a47-4eb4-9cb2-34cd6c499472\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":18,\"i\":\"d31027fb-a090-474f-9863-712ef30c0b3e\"},\"panelIndex\":\"d31027fb-a090-474f-9863-712ef30c0b3e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":18,\"i\":\"fb5452b7-cb91-4415-ad6b-37f2c05955fa\"},\"panelIndex\":\"fb5452b7-cb91-4415-ad6b-37f2c05955fa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":9,\"w\":15,\"h\":18,\"i\":\"9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a\"},\"panelIndex\":\"9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":18,\"i\":\"4bf1751e-8da2-4f5a-b66d-2f09338b2053\"},\"panelIndex\":\"4bf1751e-8da2-4f5a-b66d-2f09338b2053\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":18,\"h\":18,\"i\":\"9365d9e9-478f-499d-aa41-d8f42081ff1c\"},\"panelIndex\":\"9365d9e9-478f-499d-aa41-d8f42081ff1c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":27,\"w\":15,\"h\":18,\"i\":\"18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa\"},\"panelIndex\":\"18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":33,\"y\":27,\"w\":15,\"h\":18,\"i\":\"44a5b84f-2636-45f4-bb5e-9f8ab11f4107\"},\"panelIndex\":\"44a5b84f-2636-45f4-bb5e-9f8ab11f4107\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"4053cc7e-9771-46d9-8e03-e430ab096805\"},\"panelIndex\":\"4053cc7e-9771-46d9-8e03-e430ab096805\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]", "timeRestore": false, "title": "Security Onion - SMTP", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "00304500-75e7-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "7a789740-75e7-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "a5742950-75e7-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "e77a2b60-75e7-11ea-9565-7315f4ee5cac", "name": "panel_7", "type": "visualization"}, {"id": "0713ebf0-75e8-11ea-9565-7315f4ee5cac", "name": "panel_8", "type": "visualization"}, {"id": "4178ce00-75e8-11ea-9565-7315f4ee5cac", "name": "panel_9", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_10", "type": "search"}], "sort": [1643385898421, 44], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjc4LDE1XQ=="} +{"attributes": {"columns": ["note", "source_ip", "destination_ip", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type:bro_notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Notices - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "0a3bfbe0-342f-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 46], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjc5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Notices - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Notices - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "3027c4f0-34e4-11e7-9669-7f1d3242b798", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0a3bfbe0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 48], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjgwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"}, "title": "Navigation", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Home](/kibana/app/dashboards#/view/94b52620-342a-11e7-9d52-4f090484f59e) \\n[Help](/kibana/app/dashboards#/view/AV6-POJSDwoBUzALqKAg) \\n\\n**Alert Data** \\n[Bro Notices](/kibana/app/dashboards#/view/01600fb0-34e4-11e7-9669-7f1d3242b798) \\n[ElastAlert](/kibana/app/dashboards#/view/1d98d620-7dce-11e7-846a-150cdcaf3374) \\n[HIDS](/kibana/app/dashboards#/view/0de7a390-3644-11e7-a6f7-4f44d7bf1c33) \\n[NIDS](/kibana/app/dashboards#/view/7f27a830-34e5-11e7-9669-7f1d3242b798) \u00a0\u00a0\\n\\n**Bro Hunting** \\n[Connections](/kibana/app/dashboards#/view/e0a34b90-34e6-11e7-9118-45bd317f0ca4) \\n[DCE/RPC](/kibana/app/dashboards#/view/46582d50-3af2-11e7-a83b-b1b4da7d15f4) \\n[DHCP](/kibana/app/dashboards#/view/85348270-357b-11e7-ac34-8965f6420c51) \\n[DNP3](/kibana/app/dashboards#/view/2fdf5bf0-3581-11e7-98ef-19df58fe538b) \\n[DNS](/kibana/app/dashboards#/view/ebf5ec90-34bf-11e7-9b32-bb903919ead9) \\n[Files](/kibana/app/dashboards#/view/2d315d80-3582-11e7-98ef-19df58fe538b) \\n[FTP](/kibana/app/dashboards#/view/27f3b380-3583-11e7-a588-05992195c551) \\n[HTTP](/kibana/app/dashboards#/view/230134a0-34c6-11e7-8360-0b86c90983fd) \\n[Intel](/kibana/app/dashboards#/view/468022c0-3583-11e7-a588-05992195c551) \\n[IRC](/kibana/app/dashboards#/view/56a34ce0-3583-11e7-a588-05992195c551) \\n[Kerberos](/kibana/app/dashboards#/view/6b0d4870-3583-11e7-a588-05992195c551) \\n[Modbus](/kibana/app/dashboards#/view/70c005f0-3583-11e7-a588-05992195c551) \\n[MySQL](/kibana/app/dashboards#/view/7929f430-3583-11e7-a588-05992195c551) \\n[NTLM](/kibana/app/dashboards#/view/022713e0-3ab0-11e7-a83b-b1b4da7d15f4) \\n[PE](/kibana/app/dashboards#/view/8a10e380-3583-11e7-a588-05992195c551) \\n[RADIUS](/kibana/app/dashboards#/view/90b246c0-3583-11e7-a588-05992195c551) \\n[RDP](/kibana/app/dashboards#/view/97f8c3a0-3583-11e7-a588-05992195c551) \\n[RFB](/kibana/app/dashboards#/view/9ef20ae0-3583-11e7-a588-05992195c551) \\n[SIP](/kibana/app/dashboards#/view/ad3c0830-3583-11e7-a588-05992195c551) \\n[SMB](/kibana/app/dashboards#/view/b3a53710-3aaa-11e7-8b17-0d8709b02c80) \\n[SMTP](/kibana/app/dashboards#/view/b10a9c60-3583-11e7-a588-05992195c551) \\n[SNMP](/kibana/app/dashboards#/view/b65c2710-3583-11e7-a588-05992195c551) \\n[Software](/kibana/app/dashboards#/view/c2c99c30-3583-11e7-a588-05992195c551) \\n[SSH](/kibana/app/dashboards#/view/c6ccfc00-3583-11e7-a588-05992195c551) \\n[SSL](/kibana/app/dashboards#/view/cca67b60-3583-11e7-a588-05992195c551) \\n[Syslog](/kibana/app/dashboards#/view/c4bbe040-76b3-11e7-ba96-cba76a1e264d) \\n[Tunnels](/kibana/app/dashboards#/view/d7b54ae0-3583-11e7-a588-05992195c551) \\n[Weird](/kibana/app/dashboards#/view/de2da250-3583-11e7-a588-05992195c551) \\n[X.509](/kibana/app/dashboards#/view/e5aa7170-3583-11e7-a588-05992195c551) \\n\\n**Host Hunting** \\n[Autoruns](/kibana/app/dashboards#/view/61d43810-6d62-11e7-8ddb-e71eb260f4a3) \\n[Beats](/kibana/app/dashboards#/view/AWBLNS3CRuBloj96jxub) \\n[Osquery](/kibana/app/dashboards#/view/9d0e2da0-14e1-11e9-82f7-0da02d93a48b) \\n[OSSEC](/kibana/app/dashboards#/view/3a457d70-3583-11e7-a588-05992195c551)\u00a0 \\n[Sysmon](/kibana/app/dashboards#/view/6d189680-6d62-11e7-8ddb-e71eb260f4a3) \\n\\n**Other** \\n[Domain Stats](/kibana/app/dashboards#/view/AWAi6wvxAvKNGEbUWO_j) \\n[Firewall](/kibana/app/dashboards#/view/50173bd0-3582-11e7-98ef-19df58fe538b) \\n[Frequency](/kibana/app/dashboards#/view/AWAi5k4jAvKNGEbUWFis) \\n[Stats](/kibana/app/dashboards#/view/130017f0-46ce-11e7-946f-1bfb1be7c36b) \\n[Syslog](/kibana/app/dashboards#/view/4323af90-76e5-11e7-ab14-e1a4c1bc11e0)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}"}, "coreMigrationVersion": "7.16.2", "id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "migrationVersion": {"visualization": "7.14.0"}, "references": [], "sort": [1643385898421, 49], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjgxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Notices - Source IP Addresses", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Notices - Source IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "66e26ad0-3580-11e7-98ef-19df58fe538b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0a3bfbe0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 51], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjgyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Notices - Destination IP Addresses", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Notices - Destination IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "7c47b650-3580-11e7-98ef-19df58fe538b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0a3bfbe0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 53], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjgzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Notices - Notice Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"note.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "07fdf9e0-39ad-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0a3bfbe0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 55], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjg0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Notices - File MIME Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Notices - File MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_mime_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "53c62730-39ad-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0a3bfbe0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 57], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjg1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Notices - File Description", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Notices - File Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_description.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "793c2640-39ad-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0a3bfbe0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 59], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjg2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Notice - Destination Port (Vertical Bar Chart)", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"Notice - Destination Port (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "e85e2150-6e0e-11e7-8624-1fb07dd76c6a", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0a3bfbe0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 61], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjg3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Bro - Notice - Message/Sub-Message", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Bro - Notice - Message/Sub-Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"msg.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sub_msg.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sub-Message\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "bfeb6210-7bb9-11e7-90ec-cdd3dff73b38", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0a3bfbe0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 63], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjg4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Notices - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Notices - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG1uC-xQT5EBNmq3dP", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0a3bfbe0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 65], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjg5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Bro - Notices - Notice Types", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Bro - Notices - Notice Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"note.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Note\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "2a949080-4a3d-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0a3bfbe0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 67], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjkwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Notices - Destination Country", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Notices - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "1a879c90-4ca5-11e8-888d-71b91451cf05", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0a3bfbe0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 69], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjkxLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":48,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":72,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":72,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":136,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":32,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":40,\"x\":0,\"y\":96,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":160,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"}]", "timeRestore": false, "title": "z16.04 - Bro - Notices", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "01600fb0-34e4-11e7-9669-7f1d3242b798", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "3027c4f0-34e4-11e7-9669-7f1d3242b798", "name": "panel_0", "type": "visualization"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_1", "type": "visualization"}, {"id": "66e26ad0-3580-11e7-98ef-19df58fe538b", "name": "panel_2", "type": "visualization"}, {"id": "7c47b650-3580-11e7-98ef-19df58fe538b", "name": "panel_3", "type": "visualization"}, {"id": "07fdf9e0-39ad-11e7-8472-0151e5b2b475", "name": "panel_4", "type": "visualization"}, {"id": "53c62730-39ad-11e7-8472-0151e5b2b475", "name": "panel_5", "type": "visualization"}, {"id": "793c2640-39ad-11e7-8472-0151e5b2b475", "name": "panel_6", "type": "visualization"}, {"id": "e85e2150-6e0e-11e7-8624-1fb07dd76c6a", "name": "panel_7", "type": "visualization"}, {"id": "bfeb6210-7bb9-11e7-90ec-cdd3dff73b38", "name": "panel_8", "type": "visualization"}, {"id": "AWDG1uC-xQT5EBNmq3dP", "name": "panel_9", "type": "visualization"}, {"id": "0a3bfbe0-342f-11e7-9e93-53b62e1857b2", "name": "panel_10", "type": "search"}, {"id": "2a949080-4a3d-11e8-9b0a-f1d33346f773", "name": "panel_11", "type": "visualization"}, {"id": "1a879c90-4ca5-11e8-888d-71b91451cf05", "name": "panel_12", "type": "visualization"}], "sort": [1643385898421, 83], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjkyLDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ntlm\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "NTLM - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "c21f4fa0-3aab-11e7-8b17-0d8709b02c80", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 85], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjkzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NTLM - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"NTLM - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "36f23eb0-3ab0-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c21f4fa0-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 87], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjk0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NTLM - Hostname", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NTLM - Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "e2c8e040-3ab0-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c21f4fa0-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 89], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjk1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NTLM - Username", "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", "version": 1, "visState": "{\"title\":\"NTLM - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "4d869ee0-3ab1-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c21f4fa0-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 91], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjk2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NTLM - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NTLM - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "d37b9330-3af1-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c21f4fa0-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 93], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjk3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NTLM - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NTLM - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "f3a92f50-3af1-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c21f4fa0-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 95], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjk4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NTLM - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NTLM - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "d7f162b0-6e1c-11e7-b553-7f80727663c1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c21f4fa0-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 97], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNjk5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NTLM - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"NTLM - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHCEx7xQT5EBNmq4Vf", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c21f4fa0-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 99], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzAwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "NTLM - Hostname to Username", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NTLM - Hostname to Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"domain_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "75ab1050-4a59-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c21f4fa0-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 101], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzAxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NTLM - Server NetBIOS Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NTLM - Server NetBIOS Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_nb_computer_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server NetBIOS Name\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "c23ea470-0edc-11e9-9846-59f545e7293f", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c21f4fa0-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 103], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzAyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NTLM - Server DNS Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NTLM - Server DNS Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_dns_computer_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server DNS Name\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "ee6a03f0-0edc-11e9-9846-59f545e7293f", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c21f4fa0-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 105], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzAzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NTLM - Server Tree Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NTLM - Server Tree Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_tree_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Tree Name\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "2a054320-0edd-11e9-9846-59f545e7293f", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c21f4fa0-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 107], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzA0LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":53,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":77,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":8,\"w\":12,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":53,\"w\":16,\"h\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":53,\"w\":16,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":53,\"w\":16,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":35,\"y\":32,\"w\":13,\"h\":21,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":32,\"w\":13,\"h\":21,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":21,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"}]", "timeRestore": false, "title": "z16.04 - Bro - NTLM", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "022713e0-3ab0-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "36f23eb0-3ab0-11e7-a83b-b1b4da7d15f4", "name": "panel_1", "type": "visualization"}, {"id": "c21f4fa0-3aab-11e7-8b17-0d8709b02c80", "name": "panel_2", "type": "search"}, {"id": "e2c8e040-3ab0-11e7-a83b-b1b4da7d15f4", "name": "panel_3", "type": "visualization"}, {"id": "4d869ee0-3ab1-11e7-a83b-b1b4da7d15f4", "name": "panel_4", "type": "visualization"}, {"id": "d37b9330-3af1-11e7-a83b-b1b4da7d15f4", "name": "panel_5", "type": "visualization"}, {"id": "f3a92f50-3af1-11e7-a83b-b1b4da7d15f4", "name": "panel_6", "type": "visualization"}, {"id": "d7f162b0-6e1c-11e7-b553-7f80727663c1", "name": "panel_7", "type": "visualization"}, {"id": "AWDHCEx7xQT5EBNmq4Vf", "name": "panel_8", "type": "visualization"}, {"id": "75ab1050-4a59-11e8-9b0a-f1d33346f773", "name": "panel_9", "type": "visualization"}, {"id": "c23ea470-0edc-11e9-9846-59f545e7293f", "name": "panel_10", "type": "visualization"}, {"id": "ee6a03f0-0edc-11e9-9846-59f545e7293f", "name": "panel_11", "type": "visualization"}, {"id": "2a054320-0edd-11e9-9846-59f545e7293f", "name": "panel_12", "type": "visualization"}], "sort": [1643385898421, 121], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzA1LDE1XQ=="} +{"attributes": {"columns": ["_source"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.category:network\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Security Onion - Network Data", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "387f44c0-6ea7-11ea-9266-1fd14ca6af34", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 123], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzA2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Network - Source IPs", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Network - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"source.ip: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "0242ab70-6eae-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "387f44c0-6ea7-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 125], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzA3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "title": "Security Onion - Files", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Files\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Strelka](/kibana/app/dashboards#/view/ff689c50-75f3-11ea-9565-7315f4ee5cac) \\n[Zeek](/kibana/app/dashboards#/view/ad4d5d60-75f4-11ea-9565-7315f4ee5cac)\"},\"aggs\":[]}"}, "coreMigrationVersion": "7.16.2", "id": "9a5058f0-6e99-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [], "sort": [1643385898421, 126], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzA4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Log Count Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":false,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"intervalESValue\":30,\"intervalESUnit\":\"m\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-03-29T18:17:18.800Z\",\"max\":\"2020-03-30T18:17:18.800Z\"}},\"label\":\"@timestamp per 30 minutes\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"}, "coreMigrationVersion": "7.16.2", "id": "c879ad60-72a1-11ea-8dd2-9d8795a1200b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 128], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzA5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.module:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Modules", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Modules\"}"}, "coreMigrationVersion": "7.16.2", "id": "8b065a80-6eca-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 130], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzEwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Dataset", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Dataset\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.dataset.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "ad398b70-6e9a-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 132], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzExLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - File - Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - File - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "bcf25e30-75f1-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 134], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzEyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - FIle - Total Bytes", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - FIle - Total Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.bytes.total: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.bytes.total\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Total Bytes\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "efc25540-75f1-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 136], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzEzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - File - MIME Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - File - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.mime_type.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MIMEType\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "e8d35c50-75f3-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 138], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzE0LDE1XQ=="} +{"attributes": {"columns": ["event.module", "source.ip", "destination.ip", "file.mime_type", "log.id.fuid", "hash.sha1", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:file*\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [], "title": "Security Onion - File Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "b0dc2460-0e4d-11eb-a255-e1e8e85e3571", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 140], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzE1LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:file*\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"6948ea4a-398f-4ab1-a269-e1e6ecd29e12\"},\"panelIndex\":\"6948ea4a-398f-4ab1-a269-e1e6ecd29e12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":7,\"y\":0,\"w\":15,\"h\":7,\"i\":\"d09eef70-f2b5-4085-b619-11cae812be58\"},\"panelIndex\":\"d09eef70-f2b5-4085-b619-11cae812be58\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":22,\"y\":0,\"w\":26,\"h\":7,\"i\":\"0dd18bd2-6631-4772-b3d0-4a92ff713e3a\"},\"panelIndex\":\"0dd18bd2-6631-4772-b3d0-4a92ff713e3a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":7,\"w\":8,\"h\":20,\"i\":\"86d343d4-c030-46a3-9f3e-083ccbf28b04\"},\"panelIndex\":\"86d343d4-c030-46a3-9f3e-083ccbf28b04\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":8,\"y\":7,\"w\":8,\"h\":20,\"i\":\"2fb5d1e8-4ac6-42c4-852e-9046c2970086\"},\"panelIndex\":\"2fb5d1e8-4ac6-42c4-852e-9046c2970086\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":16,\"y\":7,\"w\":10,\"h\":20,\"i\":\"7875de58-924b-4b27-bd51-159b5657659f\"},\"panelIndex\":\"7875de58-924b-4b27-bd51-159b5657659f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":26,\"y\":7,\"w\":10,\"h\":20,\"i\":\"f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b\"},\"panelIndex\":\"f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":36,\"y\":7,\"w\":12,\"h\":20,\"i\":\"06055634-ec80-478d-93d5-67e1cc46e1ab\"},\"panelIndex\":\"06055634-ec80-478d-93d5-67e1cc46e1ab\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":20,\"i\":\"cfa99d8f-e7d6-46d5-9e7f-5dc5c3371275\"},\"panelIndex\":\"cfa99d8f-e7d6-46d5-9e7f-5dc5c3371275\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "Security Onion - Files", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "0245be10-6ec1-11ea-9266-1fd14ca6af34", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "9a5058f0-6e99-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "c879ad60-72a1-11ea-8dd2-9d8795a1200b", "name": "panel_2", "type": "visualization"}, {"id": "8b065a80-6eca-11ea-9266-1fd14ca6af34", "name": "panel_3", "type": "visualization"}, {"id": "ad398b70-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_4", "type": "visualization"}, {"id": "bcf25e30-75f1-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "efc25540-75f1-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "e8d35c50-75f3-11ea-9565-7315f4ee5cac", "name": "panel_7", "type": "visualization"}, {"id": "b0dc2460-0e4d-11eb-a255-e1e8e85e3571", "name": "panel_8", "type": "search"}], "sort": [1643385898421, 150], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzE2LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "SSL - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "c8f21de0-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 152], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzE3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "SSL - Version (Pie Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"SSL - Version (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"version.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "02699580-365a-11e7-bf60-314364dd1cde", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c8f21de0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 154], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzE4LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_sip\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "SIP - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "9e131480-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 156], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzE5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "SIP - Status", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SIP - Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_code\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Code\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_msg.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "0291dba0-4c78-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9e131480-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 158], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzIwLDE1XQ=="} +{"attributes": {"fieldAttrs": "{\"event.action\":{\"count\":8},\"host.user.name\":{\"count\":2},\"endgame.event_type_full\":{\"count\":5},\"host.name\":{\"count\":7},\"host.os.name\":{\"count\":3},\"host.os.name.text\":{\"count\":1},\"endgame.event_subtype_full\":{\"count\":3},\"event.category\":{\"count\":5},\"process.name\":{\"count\":6},\"process.parent.name\":{\"count\":1},\"agent.id\":{\"count\":2},\"process.executable\":{\"count\":3},\"type\":{\"count\":3},\"host.name.keyword\":{\"count\":2},\"event.sequence\":{\"count\":3},\"host.os.family\":{\"count\":1},\"host.os.platform\":{\"count\":1},\"event.type\":{\"count\":8},\"metadata.action\":{\"count\":2},\"user.name\":{\"count\":1},\"@version\":{\"count\":2},\"@timestamp\":{\"count\":1},\"registry.path\":{\"count\":1},\"related.user\":{\"count\":1},\"event.kind\":{\"count\":1},\"event.severity\":{\"count\":1},\"file.name\":{\"count\":4},\"host.domain\":{\"count\":1},\"process.command_line\":{\"count\":1},\"_id\":{\"count\":1},\"client.bytes\":{\"count\":2},\"destination.bytes\":{\"count\":2},\"network.bytes\":{\"count\":2},\"server.bytes\":{\"count\":2},\"source.bytes\":{\"count\":2},\"client.ip\":{\"count\":1},\"destination.ip\":{\"count\":1},\"source.ip\":{\"count\":1},\"file.attributes\":{\"count\":6},\"file.directory\":{\"count\":3},\"file.extension\":{\"count\":2},\"file.gid\":{\"count\":2},\"file.group\":{\"count\":2},\"host.hostname\":{\"count\":1},\"host.ip\":{\"count\":1},\"related.ip\":{\"count\":2},\"user.domain\":{\"count\":2}}", "fieldFormatMap": "{\"process.name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:process.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(process.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"user.name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:user.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(user.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.type\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"event.module\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:event.module,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"network.transport\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:network.transport,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(network.transport:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:source.ip,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(source.ip:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:host.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(host.name:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"registry.key\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:registry.key,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(registry.key:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:host.ip,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(host.ip:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'endgame-*',key:destination.ip,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(destination.ip:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"event.category.dashboard\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"{{ rawValue }}\",\"labelTemplate\":\"{{ value }}\"}}}", "fields": "[]", "runtimeFieldMap": "{\"event.category.dashboard\":{\"type\":\"keyword\",\"script\":{\"source\":\"def source = doc['event.category'].value;\\nMap urls = new HashMap();\\nurls.put(\\\"authentication\\\", \\\"dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635\\\");\\nurls.put(\\\"file\\\", \\\"dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635\\\");\\nurls.put(\\\"network\\\", \\\"dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36\\\");\\nurls.put(\\\"process\\\", \\\"dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635\\\");\\nurls.put(\\\"registry\\\", \\\"dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635\\\");\\nurls.put(\\\"driver\\\", \\\"dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635\\\");\\nif (source != null) {\\n\\tdef url = urls.get(source);\\n\\tif (url != null) {\\n\\t\\temit(url);\\n return;\\n\\t}\\n}\\nemit(\\\"None\\\");\"}}}", "timeFieldName": "@timestamp", "title": "endgame-*", "typeMeta": "{}"}, "coreMigrationVersion": "7.16.2", "id": "endgame-*", "migrationVersion": {"index-pattern": "7.11.0"}, "references": [], "sort": [1643385898421, 159], "type": "index-pattern", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzIxLDE1XQ=="} +{"attributes": {"columns": ["host.name", "registry.path", "related.user"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.category : \\\"registry\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Endgame - Registry Events", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "0359b740-64cc-11ec-864c-8b5450f97635", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 161], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzIyLDE1XQ=="} +{"attributes": {"color": "#D36086", "description": "", "name": "Endgame"}, "coreMigrationVersion": "7.16.2", "id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "references": [], "sort": [1643385898421, 162], "type": "tag", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzIzLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"1828f449-a2e9-4ed2-a72c-e6f22382569e": {"columnOrder": ["e5498d4d-b9af-4016-8afc-e4639ceb6c10", "e5acabfb-508c-4778-adfb-e41ca3adbc23", "cf39428c-7790-4793-8906-cb5f02fd2f0f", "f42194c4-5434-42cb-ad39-e2756562f3ed", "25c7f5d8-ce06-4da5-b769-820ba42e328e", "d043970e-d696-48bc-905d-8f1f45019e3d"], "columns": {"25c7f5d8-ce06-4da5-b769-820ba42e328e": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "host.os.family", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"fallback": true, "type": "alphabetical"}, "orderDirection": "asc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "host.os.family"}, "cf39428c-7790-4793-8906-cb5f02fd2f0f": {"customLabel": true, "dataType": "ip", "isBucketed": true, "label": "host.ip", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"fallback": true, "type": "alphabetical"}, "orderDirection": "asc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "host.ip"}, "d043970e-d696-48bc-905d-8f1f45019e3d": {"customLabel": true, "dataType": "string", "isBucketed": false, "label": "host.os.version", "operationType": "last_value", "params": {"sortField": "@timestamp"}, "scale": "ordinal", "sourceField": "host.os.version"}, "e5498d4d-b9af-4016-8afc-e4639ceb6c10": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "host.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"fallback": true, "type": "alphabetical"}, "orderDirection": "asc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "host.name"}, "e5acabfb-508c-4778-adfb-e41ca3adbc23": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "host.id", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"fallback": true, "type": "alphabetical"}, "orderDirection": "asc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "host.id"}, "f42194c4-5434-42cb-ad39-e2756562f3ed": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "host.os.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"fallback": true, "type": "alphabetical"}, "orderDirection": "asc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "host.os.name"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "e5498d4d-b9af-4016-8afc-e4639ceb6c10", "isTransposed": false, "width": 460.98333333333335}, {"columnId": "cf39428c-7790-4793-8906-cb5f02fd2f0f", "isTransposed": false, "width": 254.98333333333332}, {"columnId": "d043970e-d696-48bc-905d-8f1f45019e3d", "isTransposed": false, "width": 175.98333333333335}, {"columnId": "f42194c4-5434-42cb-ad39-e2756562f3ed", "isTransposed": false, "width": 200.98333333333335}, {"columnId": "e5acabfb-508c-4778-adfb-e41ca3adbc23", "isTransposed": false, "width": 515.8333333333334}, {"columnId": "25c7f5d8-ce06-4da5-b769-820ba42e328e", "isTransposed": false, "width": 201.23333333333332}], "layerId": "1828f449-a2e9-4ed2-a72c-e6f22382569e", "layerType": "data"}}, "title": "Endgame - Host Information Table", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "03935e10-6a20-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-1828f449-a2e9-4ed2-a72c-e6f22382569e", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 166], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzI0LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"9643f560-7a46-408c-b61d-ed2a87fc6103": {"columnOrder": ["305b2f21-9981-40d5-a79b-f7a78eea89b4", "3520723b-f0f3-4845-975c-e97380d8124b"], "columns": {"305b2f21-9981-40d5-a79b-f7a78eea89b4": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "process.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "3520723b-f0f3-4845-975c-e97380d8124b", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 20}, "scale": "ordinal", "sourceField": "process.name"}, "3520723b-f0f3-4845-975c-e97380d8124b": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.kind : \"alert\" "}, "visualization": {"layers": [{"categoryDisplay": "default", "groups": ["305b2f21-9981-40d5-a79b-f7a78eea89b4"], "layerId": "9643f560-7a46-408c-b61d-ed2a87fc6103", "layerType": "data", "legendDisplay": "default", "metric": "3520723b-f0f3-4845-975c-e97380d8124b", "nestedLegend": false, "numberDisplay": "percent"}], "palette": {"name": "kibana_palette", "type": "palette"}, "shape": "treemap"}}, "title": "Endgame - Alert Process", "visualizationType": "lnsPie"}, "coreMigrationVersion": "7.16.2", "id": "0406add0-6e48-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-9643f560-7a46-408c-b61d-ed2a87fc6103", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 170], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzI1LDE1XQ=="} +{"attributes": {"columns": ["osquery.columns.permissions", "osquery.columns.name"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery AND osquery.name:*chrome* AND osquery.columns.permissions:('all_urls','privacy')\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "osquery - Chrome Extensions - Sensitive Permissions", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "040dda10-18d8-11e9-932c-d12d2cf4ee95", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 172], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzI2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SIP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SIP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "04e1aea0-3750-11e7-b74a-f5057991ccd2", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9e131480-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 174], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzI3LDE1XQ=="} +{"attributes": {"columns": ["osquery.hostname", "osquery.columns.username", "osquery.LiveQuery", "osquery.columns.name"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery AND osquery.name:*chrome*\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "osquery - Chrome Extensions", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "0eee4360-18d4-11e9-932c-d12d2cf4ee95", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 176], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzI4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "osquery - Chrome Extensions - Changes by Hostname", "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", "version": 1, "visState": "{\"title\":\"osquery - Chrome Extensions - Changes by Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.hostname.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "04f86530-1a59-11e9-ac0b-cb0ba10141ab", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0eee4360-18d4-11e9-932c-d12d2cf4ee95", "name": "search_0", "type": "search"}], "sort": [1643385898421, 178], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzI5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"network.protocol:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Top Network Protocols", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Top Network Protocols\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.protocol.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "d9eb5b30-6ea9-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 180], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzMwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Network - Transport", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Network - Transport\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"network.transport: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "79cc9670-6ead-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "387f44c0-6ea7-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 182], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzMxLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.category: network\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.2\",\"gridData\":{\"h\":9,\"i\":\"b18f064d-2fba-45d8-a3c3-700ecec939a3\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"b18f064d-2fba-45d8-a3c3-700ecec939a3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":9,\"i\":\"3bf59d17-132e-47bc-b548-e1e073491ec5\",\"w\":14,\"x\":13,\"y\":0},\"panelIndex\":\"3bf59d17-132e-47bc-b548-e1e073491ec5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":9,\"i\":\"49c9ae10-3f16-4cec-b044-c5cf2db199ae\",\"w\":21,\"x\":27,\"y\":0},\"panelIndex\":\"49c9ae10-3f16-4cec-b044-c5cf2db199ae\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":19,\"i\":\"87427ca5-e0b9-4ec8-bb5f-3452803befe1\",\"w\":13,\"x\":0,\"y\":9},\"panelIndex\":\"87427ca5-e0b9-4ec8-bb5f-3452803befe1\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":19,\"i\":\"3d3199e1-d839-4738-bc99-e030365b7070\",\"w\":11,\"x\":13,\"y\":9},\"panelIndex\":\"3d3199e1-d839-4738-bc99-e030365b7070\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":19,\"i\":\"a7745b0f-1c69-4837-9f7e-3d79b5a2ac60\",\"w\":12,\"x\":24,\"y\":9},\"panelIndex\":\"a7745b0f-1c69-4837-9f7e-3d79b5a2ac60\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":19,\"i\":\"221a543a-98d4-46dd-8e7c-bf97bb292021\",\"w\":12,\"x\":36,\"y\":9},\"panelIndex\":\"221a543a-98d4-46dd-8e7c-bf97bb292021\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"h\":29,\"i\":\"55902091-6959-4127-a969-4015fbf124d3\",\"w\":48,\"x\":0,\"y\":28},\"panelIndex\":\"55902091-6959-4127-a969-4015fbf124d3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]", "timeRestore": false, "title": "Security Onion - Network", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "04ff3ef0-6ea4-11ea-9266-1fd14ca6af34", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "d9eb5b30-6ea9-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "79cc9670-6ead-11ea-9266-1fd14ca6af34", "name": "panel_3", "type": "visualization"}, {"id": "ad398b70-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_4", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_5", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_6", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_7", "type": "search"}], "sort": [1643385898421, 191], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzMyLDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"event_type:bro_conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Connections - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 193], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzMzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Missed Bytes", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"missed_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "05088150-3670-11e7-8c78-e3086faf385c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 195], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzM0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SMB - Path", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SMB - Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smb.path.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.path.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "052df440-75f0-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 197], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzM1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Rule - GID/SID", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Rule - GID/SID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"GID\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"SID\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.rev: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.gid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"GID\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.signature_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SID\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.rev\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Revision\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "053f7130-7734-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 199], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzM2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Source - Originator Bytes ( Tile Map)", "uiStateJSON": "{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}", "version": 1, "visState": "{\"title\":\"Connections - Source - Originator Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"original_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "05809df0-46cb-11e7-946f-1bfb1be7c36b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 201], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzM3LDE1XQ=="} +{"attributes": {"columns": ["_source"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "osquery - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "84116380-14e1-11e9-82f7-0da02d93a48b", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 203], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzM4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "osquery - Changes by Hostname", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"osquery - Changes by Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.hostname.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "05a5ed10-14e4-11e9-82f7-0da02d93a48b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "84116380-14e1-11e9-82f7-0da02d93a48b", "name": "search_0", "type": "search"}], "sort": [1643385898421, 205], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzM5LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "destination_ip", "destination_port", "uid", "fuid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ftp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "FTP - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "f21cb5f0-342d-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 207], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzQwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "FTP - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"FTP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "06f21d60-35b6-11e7-a994-c528746bc6e8", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f21cb5f0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 209], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzQxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DNS - Query", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - DNS - Query\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.query.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.query.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Query\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "07065340-72ba-11ea-8dd2-9d8795a1200b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 211], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzQyLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"b40ff395-6c20-4678-8aab-a74568f9a5cf": {"columnOrder": ["7588aa5a-05de-44d8-952a-7e7f7f6e5519", "0a2006cd-c185-4cf3-b9dc-7b395ca048cf", "1fed253e-8c24-4b33-94e4-1114efd871b4", "fa5b5762-e154-4170-8e31-110029d67cd0"], "columns": {"0a2006cd-c185-4cf3-b9dc-7b395ca048cf": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "user.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "fa5b5762-e154-4170-8e31-110029d67cd0", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "user.name"}, "1fed253e-8c24-4b33-94e4-1114efd871b4": {"customLabel": true, "dataType": "string", "isBucketed": false, "label": "event.outcome", "operationType": "last_value", "params": {"sortField": "@timestamp"}, "scale": "ordinal", "sourceField": "event.outcome"}, "7588aa5a-05de-44d8-952a-7e7f7f6e5519": {"customLabel": true, "dataType": "ip", "isBucketed": true, "label": "host.ip", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "fa5b5762-e154-4170-8e31-110029d67cd0", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "host.ip"}, "fa5b5762-e154-4170-8e31-110029d67cd0": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "authentication"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "authentication"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "1fed253e-8c24-4b33-94e4-1114efd871b4"}, {"columnId": "7588aa5a-05de-44d8-952a-7e7f7f6e5519", "isTransposed": false}, {"columnId": "fa5b5762-e154-4170-8e31-110029d67cd0", "isTransposed": false}, {"columnId": "0a2006cd-c185-4cf3-b9dc-7b395ca048cf", "isTransposed": false}], "layerId": "b40ff395-6c20-4678-8aab-a74568f9a5cf", "layerType": "data"}}, "title": "Endgame - Auth Event Outcome", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "072ae530-6d6c-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-b40ff395-6c20-4678-8aab-a74568f9a5cf", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 216], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzQzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - PE - Section", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.section_names.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Section\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - PE - Section\"}"}, "coreMigrationVersion": "7.16.2", "id": "07419650-c763-11ea-bebb-37c5ab5894ea", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 218], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzQ0LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "destination_ip", "destination_port", "uid", "fuid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_intel\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Intel - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "0d4e3a60-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 220], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzQ1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Intel - Indicator Type (Vertical Bar Chart)", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"Intel - Indicator Type (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0,\"filter\":true},\"title\":{\"text\":\"Indicator Type\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"indicator_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Indicator Type\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "07622d60-6e16-11e7-8624-1fb07dd76c6a", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0d4e3a60-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 222], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzQ2LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_mysql\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "MySQL - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "5d624230-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 224], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzQ3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "MySQL - Command/Argument", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"MySQL - Command/Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql_command.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql_argument.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "07e25650-3812-11e7-a1cc-ebc6a7e70e84", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "5d624230-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 226], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzQ4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - HTTP - Method", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - HTTP - Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"http.method.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "088aad70-7377-11ea-a3da-cbdb4f8a90c0", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 228], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzQ5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Hash - SHA256", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Hash - SHA256\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.hash.sha256.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.sha256.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "08c0b770-772e-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 230], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzUwLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"a4e4fe43-0662-4a4f-a5b1-57b8f6475336": {"columnOrder": ["198124aa-9a71-41ea-bcc5-1938e8373b85", "80ce6212-7318-4c10-90ad-bb58171524d0", "556f58d4-2449-46ab-ba8c-db6846dcb74a", "fa795a61-1d89-491e-87de-ba6469644719"], "columns": {"198124aa-9a71-41ea-bcc5-1938e8373b85": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "server.address", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "fa795a61-1d89-491e-87de-ba6469644719", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "server.address"}, "556f58d4-2449-46ab-ba8c-db6846dcb74a": {"dataType": "number", "isBucketed": true, "label": "server.port", "operationType": "range", "params": {"maxBars": "auto", "ranges": [{"from": 0, "label": "", "to": 1000}], "type": "histogram"}, "scale": "interval", "sourceField": "server.port"}, "80ce6212-7318-4c10-90ad-bb58171524d0": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "network.transport", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "fa795a61-1d89-491e-87de-ba6469644719", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "network.transport"}, "fa795a61-1d89-491e-87de-ba6469644719": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "network"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "network"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "198124aa-9a71-41ea-bcc5-1938e8373b85", "isTransposed": false}, {"columnId": "80ce6212-7318-4c10-90ad-bb58171524d0", "isTransposed": false}, {"columnId": "fa795a61-1d89-491e-87de-ba6469644719", "isTransposed": false}, {"columnId": "556f58d4-2449-46ab-ba8c-db6846dcb74a", "isTransposed": false}], "layerId": "a4e4fe43-0662-4a4f-a5b1-57b8f6475336", "layerType": "data"}}, "title": "Endgame - Network Transport", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "09227f50-6e44-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-a4e4fe43-0662-4a4f-a5b1-57b8f6475336", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 235], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzUxLDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssh\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "SSH - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "c33e7600-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 237], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzUyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SSH - Log Count Over TIme", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"SSH - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "09457310-3641-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c33e7600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 239], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzUzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Hash - MD5", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Hash - MD5\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.md5.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MD5\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "09fc6ef0-7732-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 241], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzU0LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "syslog-host_from", "syslog-priority"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"tags:syslog\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Syslog (All) - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 243], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzU1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Syslog - Host From", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Syslog - Host From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Host (From)\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "0a2ce700-76e6-11e7-ab14-e1a4c1bc11e0", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0", "name": "search_0", "type": "search"}], "sort": [1643385898421, 245], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzU2LDE1XQ=="} +{"attributes": {"columns": ["host", "certificate_subject", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "X.509 - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "f5038cc0-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 247], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzU3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "X.509 - Certificate Issuer", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"X.509 - Certificate Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_issuer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "0a5f7b30-37d9-11e7-9efb-91e89505091f", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f5038cc0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 249], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzU4LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_rdp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "RDP - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "823dd600-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 251], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzU5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RDP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RDP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "0b9dea80-371c-11e7-90f8-87842d5eedc9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "823dd600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 253], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzYwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - RDP - Certificate Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - RDP - Certificate Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.certificate_type.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.certificate_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "0c006bb0-75c6-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 255], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzYxLDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "DNS - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "d46522e0-342d-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 257], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzYyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "DNS - Query Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DNS - Query Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query_type_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Type\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "0c338e50-4a4e-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d46522e0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 259], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzYzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"}, "title": "Endgame - Navigation", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Endgame - Navigation\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":true,\"markdown\":\"**Kibana** \\n[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n[Alerts](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) |\\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame Console** \\n [Dashboard](https://ENDGAMEHOST/dashboard) | [Alerts](https://ENDGAMEHOST/alerts/dashboard)\"}}"}, "coreMigrationVersion": "7.16.2", "id": "754f7380-6d82-11ec-864c-8b5450f97635", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}, {"id": "0b963f20-6f9c-11ec-864c-8b5450f97635", "name": "tag-0b963f20-6f9c-11ec-864c-8b5450f97635", "type": "tag"}], "sort": [1643385898421, 262], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzY0LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"842f61f9-afc4-44dc-a6bd-e3cc66a8827b": {"columnOrder": ["2834ba67-2809-442b-b80b-4b17d3a67d43"], "columns": {"2834ba67-2809-442b-b80b-4b17d3a67d43": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": " Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.kind : \"alert\" "}, "visualization": {"accessor": "2834ba67-2809-442b-b80b-4b17d3a67d43", "layerId": "842f61f9-afc4-44dc-a6bd-e3cc66a8827b", "layerType": "data"}}, "title": "Endgame - Alerts All Logs", "visualizationType": "lnsMetric"}, "coreMigrationVersion": "7.16.2", "id": "914d4890-6e46-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-842f61f9-afc4-44dc-a6bd-e3cc66a8827b", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 266], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzY1LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"0600494b-6f03-450b-8dab-981005aedf32": {"columnOrder": ["0f00561d-d6d7-46b2-af59-4ea225a9893a", "34e0e2cc-aab4-4581-9bc4-aba527024007"], "columns": {"0f00561d-d6d7-46b2-af59-4ea225a9893a": {"dataType": "date", "isBucketed": true, "label": "@timestamp", "operationType": "date_histogram", "params": {"interval": "auto"}, "scale": "interval", "sourceField": "@timestamp"}, "34e0e2cc-aab4-4581-9bc4-aba527024007": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "params": {"format": {"id": "number", "params": {"decimals": 0}}}, "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.kind : \"alert\" "}, "visualization": {"axisTitlesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "fittingFunction": "None", "gridlinesVisibilitySettings": {"x": false, "yLeft": true, "yRight": true}, "labelsOrientation": {"x": 0, "yLeft": 0, "yRight": 0}, "layers": [{"accessors": ["34e0e2cc-aab4-4581-9bc4-aba527024007"], "layerId": "0600494b-6f03-450b-8dab-981005aedf32", "layerType": "data", "position": "top", "seriesType": "bar", "showGridlines": false, "xAccessor": "0f00561d-d6d7-46b2-af59-4ea225a9893a"}], "legend": {"isVisible": true, "position": "right"}, "preferredSeriesType": "bar", "tickLabelsVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "valueLabels": "hide", "yLeftExtent": {"mode": "full"}, "yRightExtent": {"mode": "full"}}}, "title": "Endgame - Alert Logs Over Time", "visualizationType": "lnsXY"}, "coreMigrationVersion": "7.16.2", "id": "d94cae10-6e46-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-0600494b-6f03-450b-8dab-981005aedf32", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 270], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzY2LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"3b6026b4-9c36-4fbc-9f90-bd5580303bea": {"columnOrder": ["d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721", "ff0a89b4-427d-4739-bb83-86794a1f4289"], "columns": {"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "user.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "ff0a89b4-427d-4739-bb83-86794a1f4289", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 20}, "scale": "ordinal", "sourceField": "user.name"}, "ff0a89b4-427d-4739-bb83-86794a1f4289": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.kind : \"alert\" "}, "visualization": {"columns": [{"columnId": "d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721"}, {"columnId": "ff0a89b4-427d-4739-bb83-86794a1f4289"}], "layerId": "3b6026b4-9c36-4fbc-9f90-bd5580303bea", "layerType": "data"}}, "title": "Endgame - Alert User Name", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "f376b820-6e47-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-3b6026b4-9c36-4fbc-9f90-bd5580303bea", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 274], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzY3LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"3dff58f4-dda3-4f2d-9e31-d8552e12eb13": {"columnOrder": ["8e1fb558-637d-42a8-9127-002e698bde8a", "8546cccc-256d-4ef9-8de6-2825a3a5a649", "f6f670d2-0af3-4432-97d4-8ac112cb7102"], "columns": {"8546cccc-256d-4ef9-8de6-2825a3a5a649": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "command_line", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "f6f670d2-0af3-4432-97d4-8ac112cb7102", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "process.command_line"}, "8e1fb558-637d-42a8-9127-002e698bde8a": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "host.domain", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "f6f670d2-0af3-4432-97d4-8ac112cb7102", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "host.domain"}, "f6f670d2-0af3-4432-97d4-8ac112cb7102": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.kind : \"alert\" "}, "visualization": {"columns": [{"columnId": "8546cccc-256d-4ef9-8de6-2825a3a5a649", "isTransposed": false, "width": 432.33333333333337}, {"columnId": "8e1fb558-637d-42a8-9127-002e698bde8a", "isTransposed": false, "width": 197.83333333333331}, {"columnId": "f6f670d2-0af3-4432-97d4-8ac112cb7102", "isTransposed": false}], "layerId": "3dff58f4-dda3-4f2d-9e31-d8552e12eb13", "layerType": "data"}}, "title": "Endgame - Alerts Host Domain", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "1fd82420-6e3a-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-3dff58f4-dda3-4f2d-9e31-d8552e12eb13", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 278], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzY4LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"46832f84-f86b-4914-a3ac-aaeda9f09cf7": {"columnOrder": ["77069155-4e9a-4727-b888-648fed60258e", "e7878efe-2181-449d-afd3-771296665829", "738c056c-c4eb-4855-a690-90fa5b9e23f8", "02c8c47e-9b96-4384-b467-1fd9cff2b78b", "d61f74aa-1899-4881-a2cc-d0dc7cbf28df", "6de07e81-5ee7-4885-af47-26b401667757", "895abdf3-8c99-4473-a904-b379d478aae1", "e30b3573-c58d-4b82-853d-70c1d090d641"], "columns": {"02c8c47e-9b96-4384-b467-1fd9cff2b78b": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "process.command_line", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "e30b3573-c58d-4b82-853d-70c1d090d641", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "process.command_line"}, "6de07e81-5ee7-4885-af47-26b401667757": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "file.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "e30b3573-c58d-4b82-853d-70c1d090d641", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "file.name"}, "738c056c-c4eb-4855-a690-90fa5b9e23f8": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "Category", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "e30b3573-c58d-4b82-853d-70c1d090d641", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "event.category"}, "77069155-4e9a-4727-b888-648fed60258e": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "event.id ", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "e30b3573-c58d-4b82-853d-70c1d090d641", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 20}, "scale": "ordinal", "sourceField": "event.id"}, "895abdf3-8c99-4473-a904-b379d478aae1": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "host.domain", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "e30b3573-c58d-4b82-853d-70c1d090d641", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "host.domain"}, "d61f74aa-1899-4881-a2cc-d0dc7cbf28df": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "process.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "e30b3573-c58d-4b82-853d-70c1d090d641", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "process.name"}, "e30b3573-c58d-4b82-853d-70c1d090d641": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "e7878efe-2181-449d-afd3-771296665829": {"customLabel": true, "dataType": "number", "isBucketed": true, "label": "Severity", "operationType": "range", "params": {"maxBars": "auto", "ranges": [{"from": 0, "label": "", "to": 1000}], "type": "histogram"}, "scale": "interval", "sourceField": "event.severity"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.kind : \"alert\" "}, "visualization": {"columns": [{"columnId": "77069155-4e9a-4727-b888-648fed60258e", "isTransposed": false}, {"alignment": "center", "columnId": "e7878efe-2181-449d-afd3-771296665829", "isTransposed": false}, {"columnId": "738c056c-c4eb-4855-a690-90fa5b9e23f8", "isTransposed": false}, {"columnId": "02c8c47e-9b96-4384-b467-1fd9cff2b78b", "isTransposed": false}, {"columnId": "d61f74aa-1899-4881-a2cc-d0dc7cbf28df", "isTransposed": false}, {"columnId": "6de07e81-5ee7-4885-af47-26b401667757", "isTransposed": false}, {"columnId": "895abdf3-8c99-4473-a904-b379d478aae1", "isTransposed": false}, {"columnId": "e30b3573-c58d-4b82-853d-70c1d090d641", "hidden": true, "isTransposed": false}], "layerId": "46832f84-f86b-4914-a3ac-aaeda9f09cf7", "layerType": "data"}}, "title": "Endgame - Alerts Events", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "ca0f3e20-6e48-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-46832f84-f86b-4914-a3ac-aaeda9f09cf7", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 282], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzY5LDE1XQ=="} +{"attributes": {"columns": [], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.kind\",\"params\":{\"query\":\"alert\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.kind\":\"alert\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Endgame - Alert Search", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "3ab5c280-6f06-11ec-864c-8b5450f97635", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern"}], "sort": [1643385898421, 285], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzcwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"}, "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}", "panelsJSON": "[{\"version\":\"7.16.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":11,\"i\":\"3aa898cc-eaa4-47ea-962f-fd5be8255144\"},\"panelIndex\":\"3aa898cc-eaa4-47ea-962f-fd5be8255144\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame Alerts](https://ENDGAMEHOST/alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_3aa898cc-eaa4-47ea-962f-fd5be8255144\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":0,\"w\":9,\"h\":11,\"i\":\"1ab268d3-b117-4d65-b568-d53af35bebb4\"},\"panelIndex\":\"1ab268d3-b117-4d65-b568-d53af35bebb4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_1ab268d3-b117-4d65-b568-d53af35bebb4\",\"type\":\"lens\",\"id\":\"914d4890-6e46-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1ab268d3-b117-4d65-b568-d53af35bebb4\",\"type\":\"lens\",\"id\":\"914d4890-6e46-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1ab268d3-b117-4d65-b568-d53af35bebb4\",\"type\":\"lens\",\"id\":\"914d4890-6e46-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-842f61f9-afc4-44dc-a6bd-e3cc66a8827b\"}],\"state\":{\"visualization\":{\"layerId\":\"842f61f9-afc4-44dc-a6bd-e3cc66a8827b\",\"accessor\":\"2834ba67-2809-442b-b80b-4b17d3a67d43\",\"layerType\":\"data\"},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"842f61f9-afc4-44dc-a6bd-e3cc66a8827b\":{\"columns\":{\"2834ba67-2809-442b-b80b-4b17d3a67d43\":{\"label\":\" \",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"2834ba67-2809-442b-b80b-4b17d3a67d43\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_1ab268d3-b117-4d65-b568-d53af35bebb4\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":19,\"y\":0,\"w\":29,\"h\":11,\"i\":\"41131702-4832-4ca2-a24c-2418181fa4bb\"},\"panelIndex\":\"41131702-4832-4ca2-a24c-2418181fa4bb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_41131702-4832-4ca2-a24c-2418181fa4bb\",\"type\":\"lens\",\"id\":\"d94cae10-6e46-11ec-864c-8b5450f97635\"},{\"name\":\"panel_41131702-4832-4ca2-a24c-2418181fa4bb\",\"type\":\"lens\",\"id\":\"d94cae10-6e46-11ec-864c-8b5450f97635\"},{\"name\":\"panel_41131702-4832-4ca2-a24c-2418181fa4bb\",\"type\":\"lens\",\"id\":\"d94cae10-6e46-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-0600494b-6f03-450b-8dab-981005aedf32\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar\",\"layers\":[{\"layerId\":\"0600494b-6f03-450b-8dab-981005aedf32\",\"accessors\":[\"34e0e2cc-aab4-4581-9bc4-aba527024007\"],\"position\":\"top\",\"seriesType\":\"bar\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"0f00561d-d6d7-46b2-af59-4ea225a9893a\"}]},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"0600494b-6f03-450b-8dab-981005aedf32\":{\"columns\":{\"0f00561d-d6d7-46b2-af59-4ea225a9893a\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"34e0e2cc-aab4-4581-9bc4-aba527024007\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true}},\"columnOrder\":[\"0f00561d-d6d7-46b2-af59-4ea225a9893a\",\"34e0e2cc-aab4-4581-9bc4-aba527024007\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Alerts Log Count Over Time\",\"panelRefName\":\"panel_41131702-4832-4ca2-a24c-2418181fa4bb\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":11,\"w\":8,\"h\":15,\"i\":\"126f7572-997b-441a-a124-a342a75325d5\"},\"panelIndex\":\"126f7572-997b-441a-a124-a342a75325d5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_126f7572-997b-441a-a124-a342a75325d5\",\"type\":\"lens\",\"id\":\"f376b820-6e47-11ec-864c-8b5450f97635\"},{\"name\":\"panel_126f7572-997b-441a-a124-a342a75325d5\",\"type\":\"lens\",\"id\":\"f376b820-6e47-11ec-864c-8b5450f97635\"},{\"name\":\"panel_126f7572-997b-441a-a124-a342a75325d5\",\"type\":\"lens\",\"id\":\"f376b820-6e47-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-3b6026b4-9c36-4fbc-9f90-bd5580303bea\"}],\"state\":{\"visualization\":{\"layerId\":\"3b6026b4-9c36-4fbc-9f90-bd5580303bea\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721\"},{\"columnId\":\"ff0a89b4-427d-4739-bb83-86794a1f4289\"}]},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"3b6026b4-9c36-4fbc-9f90-bd5580303bea\":{\"columns\":{\"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721\":{\"label\":\"user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ff0a89b4-427d-4739-bb83-86794a1f4289\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"ff0a89b4-427d-4739-bb83-86794a1f4289\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721\",\"ff0a89b4-427d-4739-bb83-86794a1f4289\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Alerts Users\",\"panelRefName\":\"panel_126f7572-997b-441a-a124-a342a75325d5\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":11,\"w\":16,\"h\":15,\"i\":\"146912f3-f4f8-4cc3-9226-6f516dd3c3da\"},\"panelIndex\":\"146912f3-f4f8-4cc3-9226-6f516dd3c3da\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da\",\"type\":\"lens\",\"id\":\"0406add0-6e48-11ec-864c-8b5450f97635\"},{\"name\":\"panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da\",\"type\":\"lens\",\"id\":\"0406add0-6e48-11ec-864c-8b5450f97635\"},{\"name\":\"panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da\",\"type\":\"lens\",\"id\":\"0406add0-6e48-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-9643f560-7a46-408c-b61d-ed2a87fc6103\"}],\"state\":{\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"layers\":[{\"layerId\":\"9643f560-7a46-408c-b61d-ed2a87fc6103\",\"groups\":[\"305b2f21-9981-40d5-a79b-f7a78eea89b4\"],\"metric\":\"3520723b-f0f3-4845-975c-e97380d8124b\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\"}]},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"9643f560-7a46-408c-b61d-ed2a87fc6103\":{\"columns\":{\"305b2f21-9981-40d5-a79b-f7a78eea89b4\":{\"label\":\"process.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3520723b-f0f3-4845-975c-e97380d8124b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"3520723b-f0f3-4845-975c-e97380d8124b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"305b2f21-9981-40d5-a79b-f7a78eea89b4\",\"3520723b-f0f3-4845-975c-e97380d8124b\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"type\":\"lens\"},\"title\":\"Endgame - Alerts Processes\",\"panelRefName\":\"panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":11,\"w\":24,\"h\":15,\"i\":\"7a533f92-16c8-4f34-b31b-8055cce33284\"},\"panelIndex\":\"7a533f92-16c8-4f34-b31b-8055cce33284\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"panelRefName\":\"panel_7a533f92-16c8-4f34-b31b-8055cce33284\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":13,\"i\":\"37330ea4-1070-465d-8356-97f438a273f9\"},\"panelIndex\":\"37330ea4-1070-465d-8356-97f438a273f9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_37330ea4-1070-465d-8356-97f438a273f9\",\"type\":\"lens\",\"id\":\"ca0f3e20-6e48-11ec-864c-8b5450f97635\"},{\"name\":\"panel_37330ea4-1070-465d-8356-97f438a273f9\",\"type\":\"lens\",\"id\":\"ca0f3e20-6e48-11ec-864c-8b5450f97635\"},{\"name\":\"panel_37330ea4-1070-465d-8356-97f438a273f9\",\"type\":\"lens\",\"id\":\"ca0f3e20-6e48-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-46832f84-f86b-4914-a3ac-aaeda9f09cf7\"}],\"state\":{\"visualization\":{\"layerId\":\"46832f84-f86b-4914-a3ac-aaeda9f09cf7\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"77069155-4e9a-4727-b888-648fed60258e\",\"isTransposed\":false},{\"columnId\":\"e7878efe-2181-449d-afd3-771296665829\",\"isTransposed\":false,\"alignment\":\"center\"},{\"isTransposed\":false,\"columnId\":\"738c056c-c4eb-4855-a690-90fa5b9e23f8\"},{\"isTransposed\":false,\"columnId\":\"02c8c47e-9b96-4384-b467-1fd9cff2b78b\"},{\"isTransposed\":false,\"columnId\":\"d61f74aa-1899-4881-a2cc-d0dc7cbf28df\"},{\"isTransposed\":false,\"columnId\":\"6de07e81-5ee7-4885-af47-26b401667757\"},{\"isTransposed\":false,\"columnId\":\"895abdf3-8c99-4473-a904-b379d478aae1\"},{\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\",\"isTransposed\":false,\"hidden\":true}]},\"query\":{\"query\":\"event.kind : \\\"alert\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"46832f84-f86b-4914-a3ac-aaeda9f09cf7\":{\"columns\":{\"77069155-4e9a-4727-b888-648fed60258e\":{\"label\":\"event.id (click on + to go to Endgame)\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.id\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"e7878efe-2181-449d-afd3-771296665829\":{\"label\":\"Severity\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"event.severity\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"},\"customLabel\":true},\"738c056c-c4eb-4855-a690-90fa5b9e23f8\":{\"label\":\"Category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.category\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"02c8c47e-9b96-4384-b467-1fd9cff2b78b\":{\"label\":\"process.command_line\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.command_line\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"d61f74aa-1899-4881-a2cc-d0dc7cbf28df\":{\"label\":\"process.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"6de07e81-5ee7-4885-af47-26b401667757\":{\"label\":\"file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"895abdf3-8c99-4473-a904-b379d478aae1\":{\"label\":\"host.domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.domain\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e30b3573-c58d-4b82-853d-70c1d090d641\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false},\"customLabel\":true},\"e30b3573-c58d-4b82-853d-70c1d090d641\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"77069155-4e9a-4727-b888-648fed60258e\",\"e7878efe-2181-449d-afd3-771296665829\",\"738c056c-c4eb-4855-a690-90fa5b9e23f8\",\"02c8c47e-9b96-4384-b467-1fd9cff2b78b\",\"d61f74aa-1899-4881-a2cc-d0dc7cbf28df\",\"6de07e81-5ee7-4885-af47-26b401667757\",\"895abdf3-8c99-4473-a904-b379d478aae1\",\"e30b3573-c58d-4b82-853d-70c1d090d641\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"28bd4c58-580b-4d1c-b65e-3ddef0fee644\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Open event in Endgame\",\"config\":{\"url\":{\"template\":\"https://ENDGAMEHOST/alerts/{{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":false}}}]}},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Endgame - Alerts Event\",\"panelRefName\":\"panel_37330ea4-1070-465d-8356-97f438a273f9\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":39,\"w\":48,\"h\":18,\"i\":\"b3f00dae-22f1-4455-a672-087870874671\"},\"panelIndex\":\"b3f00dae-22f1-4455-a672-087870874671\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b3f00dae-22f1-4455-a672-087870874671\"}]", "timeRestore": false, "title": "Endgame - Alerts", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "0c8e61c0-67fc-11ec-864c-8b5450f97635", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "754f7380-6d82-11ec-864c-8b5450f97635", "name": "3aa898cc-eaa4-47ea-962f-fd5be8255144:panel_3aa898cc-eaa4-47ea-962f-fd5be8255144", "type": "visualization"}, {"id": "914d4890-6e46-11ec-864c-8b5450f97635", "name": "1ab268d3-b117-4d65-b568-d53af35bebb4:panel_1ab268d3-b117-4d65-b568-d53af35bebb4", "type": "lens"}, {"id": "914d4890-6e46-11ec-864c-8b5450f97635", "name": "1ab268d3-b117-4d65-b568-d53af35bebb4:panel_1ab268d3-b117-4d65-b568-d53af35bebb4", "type": "lens"}, {"id": "914d4890-6e46-11ec-864c-8b5450f97635", "name": "1ab268d3-b117-4d65-b568-d53af35bebb4:panel_1ab268d3-b117-4d65-b568-d53af35bebb4", "type": "lens"}, {"id": "914d4890-6e46-11ec-864c-8b5450f97635", "name": "1ab268d3-b117-4d65-b568-d53af35bebb4:panel_1ab268d3-b117-4d65-b568-d53af35bebb4", "type": "lens"}, {"id": "endgame-*", "name": "1ab268d3-b117-4d65-b568-d53af35bebb4:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "1ab268d3-b117-4d65-b568-d53af35bebb4:indexpattern-datasource-layer-842f61f9-afc4-44dc-a6bd-e3cc66a8827b", "type": "index-pattern"}, {"id": "d94cae10-6e46-11ec-864c-8b5450f97635", "name": "41131702-4832-4ca2-a24c-2418181fa4bb:panel_41131702-4832-4ca2-a24c-2418181fa4bb", "type": "lens"}, {"id": "d94cae10-6e46-11ec-864c-8b5450f97635", "name": "41131702-4832-4ca2-a24c-2418181fa4bb:panel_41131702-4832-4ca2-a24c-2418181fa4bb", "type": "lens"}, {"id": "d94cae10-6e46-11ec-864c-8b5450f97635", "name": "41131702-4832-4ca2-a24c-2418181fa4bb:panel_41131702-4832-4ca2-a24c-2418181fa4bb", "type": "lens"}, {"id": "d94cae10-6e46-11ec-864c-8b5450f97635", "name": "41131702-4832-4ca2-a24c-2418181fa4bb:panel_41131702-4832-4ca2-a24c-2418181fa4bb", "type": "lens"}, {"id": "endgame-*", "name": "41131702-4832-4ca2-a24c-2418181fa4bb:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "41131702-4832-4ca2-a24c-2418181fa4bb:indexpattern-datasource-layer-0600494b-6f03-450b-8dab-981005aedf32", "type": "index-pattern"}, {"id": "f376b820-6e47-11ec-864c-8b5450f97635", "name": "126f7572-997b-441a-a124-a342a75325d5:panel_126f7572-997b-441a-a124-a342a75325d5", "type": "lens"}, {"id": "f376b820-6e47-11ec-864c-8b5450f97635", "name": "126f7572-997b-441a-a124-a342a75325d5:panel_126f7572-997b-441a-a124-a342a75325d5", "type": "lens"}, {"id": "f376b820-6e47-11ec-864c-8b5450f97635", "name": "126f7572-997b-441a-a124-a342a75325d5:panel_126f7572-997b-441a-a124-a342a75325d5", "type": "lens"}, {"id": "f376b820-6e47-11ec-864c-8b5450f97635", "name": "126f7572-997b-441a-a124-a342a75325d5:panel_126f7572-997b-441a-a124-a342a75325d5", "type": "lens"}, {"id": "endgame-*", "name": "126f7572-997b-441a-a124-a342a75325d5:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "126f7572-997b-441a-a124-a342a75325d5:indexpattern-datasource-layer-3b6026b4-9c36-4fbc-9f90-bd5580303bea", "type": "index-pattern"}, {"id": "0406add0-6e48-11ec-864c-8b5450f97635", "name": "146912f3-f4f8-4cc3-9226-6f516dd3c3da:panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da", "type": "lens"}, {"id": "0406add0-6e48-11ec-864c-8b5450f97635", "name": "146912f3-f4f8-4cc3-9226-6f516dd3c3da:panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da", "type": "lens"}, {"id": "0406add0-6e48-11ec-864c-8b5450f97635", "name": "146912f3-f4f8-4cc3-9226-6f516dd3c3da:panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da", "type": "lens"}, {"id": "0406add0-6e48-11ec-864c-8b5450f97635", "name": "146912f3-f4f8-4cc3-9226-6f516dd3c3da:panel_146912f3-f4f8-4cc3-9226-6f516dd3c3da", "type": "lens"}, {"id": "endgame-*", "name": "146912f3-f4f8-4cc3-9226-6f516dd3c3da:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "146912f3-f4f8-4cc3-9226-6f516dd3c3da:indexpattern-datasource-layer-9643f560-7a46-408c-b61d-ed2a87fc6103", "type": "index-pattern"}, {"id": "1fd82420-6e3a-11ec-864c-8b5450f97635", "name": "7a533f92-16c8-4f34-b31b-8055cce33284:panel_7a533f92-16c8-4f34-b31b-8055cce33284", "type": "lens"}, {"id": "ca0f3e20-6e48-11ec-864c-8b5450f97635", "name": "37330ea4-1070-465d-8356-97f438a273f9:panel_37330ea4-1070-465d-8356-97f438a273f9", "type": "lens"}, {"id": "ca0f3e20-6e48-11ec-864c-8b5450f97635", "name": "37330ea4-1070-465d-8356-97f438a273f9:panel_37330ea4-1070-465d-8356-97f438a273f9", "type": "lens"}, {"id": "ca0f3e20-6e48-11ec-864c-8b5450f97635", "name": "37330ea4-1070-465d-8356-97f438a273f9:panel_37330ea4-1070-465d-8356-97f438a273f9", "type": "lens"}, {"id": "ca0f3e20-6e48-11ec-864c-8b5450f97635", "name": "37330ea4-1070-465d-8356-97f438a273f9:panel_37330ea4-1070-465d-8356-97f438a273f9", "type": "lens"}, {"id": "endgame-*", "name": "37330ea4-1070-465d-8356-97f438a273f9:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "37330ea4-1070-465d-8356-97f438a273f9:indexpattern-datasource-layer-46832f84-f86b-4914-a3ac-aaeda9f09cf7", "type": "index-pattern"}, {"id": "3ab5c280-6f06-11ec-864c-8b5450f97635", "name": "b3f00dae-22f1-4455-a672-087870874671:panel_b3f00dae-22f1-4455-a672-087870874671", "type": "search"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 320], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzcxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - RADIUS - Reply", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - RADIUS - Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"radius.reply_message.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"radius.reply_message.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "0ca071b0-75c5-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 322], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzcyLDE1XQ=="} +{"attributes": {"columns": ["_source"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.module:sysmon\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Security Onion - Sysmon", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "6281da80-c780-11ea-bebb-37c5ab5894ea", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 324], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzczLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Sysmon Datasets", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Sysmon Datasets\"}"}, "coreMigrationVersion": "7.16.2", "id": "0caa7df0-c781-11ea-bebb-37c5ab5894ea", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "6281da80-c780-11ea-bebb-37c5ab5894ea", "name": "search_0", "type": "search"}], "sort": [1643385898421, 326], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzc0LDE1XQ=="} +{"attributes": {"columns": ["_source"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:conn\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Security Onion - Connections", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "9b333020-6e9f-11ea-9266-1fd14ca6af34", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 328], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzc1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Connections Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Connections Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date_range\",\"params\":{\"id\":\"date\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}},\"params\":{},\"label\":\"@timestamp date ranges\",\"aggType\":\"date_range\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"}, "coreMigrationVersion": "7.16.2", "id": "34721460-6ebc-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9b333020-6e9f-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 330], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzc2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Connections - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "c9121690-6ea0-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9b333020-6e9f-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 332], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzc3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Connections - State", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Connections - State\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"connection.state.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.state.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"State\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "23b65290-6ea2-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9b333020-6e9f-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 334], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzc4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Connections - State (Desc)", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.state_description.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection State\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Connections - State (Desc)\"}"}, "coreMigrationVersion": "7.16.2", "id": "dc3f2c10-c6d6-11ea-bebb-37c5ab5894ea", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 336], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzc5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Connections - Client Bytes", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Connections - Client Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Client Bytes\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client Bytes\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "98f6e9d0-6ea1-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9b333020-6e9f-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 338], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzgwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Connections - Responder Bytes", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Server Bytes\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Bytes\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "70565ec0-6ea1-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9b333020-6e9f-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 340], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzgxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Connections - History", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Connections - History\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.history.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"History\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "5414ad60-6ea2-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9b333020-6e9f-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 342], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzgyLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:conn\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"a05b7540-74b1-40db-b1d6-0e151f5bbaba\"},\"panelIndex\":\"a05b7540-74b1-40db-b1d6-0e151f5bbaba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":13,\"h\":9,\"i\":\"78f096e9-6e6b-4144-a63f-3767deab6c8c\"},\"panelIndex\":\"78f096e9-6e6b-4144-a63f-3767deab6c8c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":9,\"i\":\"f24faa4b-0270-44e6-af45-639e2d39c2c3\"},\"panelIndex\":\"f24faa4b-0270-44e6-af45-639e2d39c2c3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":18,\"i\":\"8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756\"},\"panelIndex\":\"8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":11,\"y\":9,\"w\":12,\"h\":18,\"i\":\"5558d00d-f3fd-4051-96a4-384134149228\"},\"panelIndex\":\"5558d00d-f3fd-4051-96a4-384134149228\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":23,\"y\":9,\"w\":13,\"h\":18,\"i\":\"ccdbd90c-299e-4e60-a139-1505f1329071\"},\"panelIndex\":\"ccdbd90c-299e-4e60-a139-1505f1329071\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":18,\"i\":\"d678bf2f-f183-4981-9142-976880029daa\"},\"panelIndex\":\"d678bf2f-f183-4981-9142-976880029daa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":19,\"h\":18,\"i\":\"97f0546b-01c5-41c1-9316-099f2b3c8d91\"},\"panelIndex\":\"97f0546b-01c5-41c1-9316-099f2b3c8d91\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":19,\"y\":27,\"w\":9,\"h\":18,\"i\":\"598bda31-1136-4474-9384-451491a71d23\"},\"panelIndex\":\"598bda31-1136-4474-9384-451491a71d23\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":27,\"w\":9,\"h\":18,\"i\":\"8192def5-399b-4728-8646-edf393b63b7e\"},\"panelIndex\":\"8192def5-399b-4728-8646-edf393b63b7e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":37,\"y\":27,\"w\":11,\"h\":18,\"i\":\"755322ff-13a8-4121-a2db-6322c037e8b3\"},\"panelIndex\":\"755322ff-13a8-4121-a2db-6322c037e8b3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"a03bb16a-9d36-4cad-91a3-256b29489fd7\"},\"panelIndex\":\"a03bb16a-9d36-4cad-91a3-256b29489fd7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]", "timeRestore": false, "title": "Security Onion - Connections", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "0cc628b0-6e9f-11ea-9266-1fd14ca6af34", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "34721460-6ebc-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "c9121690-6ea0-11ea-9266-1fd14ca6af34", "name": "panel_5", "type": "visualization"}, {"id": "23b65290-6ea2-11ea-9266-1fd14ca6af34", "name": "panel_6", "type": "visualization"}, {"id": "dc3f2c10-c6d6-11ea-bebb-37c5ab5894ea", "name": "panel_7", "type": "visualization"}, {"id": "98f6e9d0-6ea1-11ea-9266-1fd14ca6af34", "name": "panel_8", "type": "visualization"}, {"id": "70565ec0-6ea1-11ea-9266-1fd14ca6af34", "name": "panel_9", "type": "visualization"}, {"id": "5414ad60-6ea2-11ea-9266-1fd14ca6af34", "name": "panel_10", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_11", "type": "search"}], "sort": [1643385898421, 355], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzgzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.category.keyword : \\\"process\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Endgame - All Event.Cat:Process Logs", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Endgame - All Event.Cat:Process Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":42}}}}"}, "coreMigrationVersion": "7.16.2", "id": "0d0c0750-6348-11ec-864c-8b5450f97635", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 358], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzg0LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_modbus\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Modbus - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "52dc9fe0-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 360], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzg1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Modbus - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Modbus - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "0d168a30-363f-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "52dc9fe0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 362], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzg2LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_weird\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Weird - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "e32d0d50-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 364], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzg3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Weird - Log Count Over TIme", "uiStateJSON": "{}", "version": 1, "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"@timestamp per 12 hours\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"Weird - Log Count Over TIme\",\"type\":\"line\"}"}, "coreMigrationVersion": "7.16.2", "id": "0dbcade0-3642-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "e32d0d50-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 366], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzg4LDE1XQ=="} +{"attributes": {"columns": ["alert_level", "classification", "description"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[{\"meta\":{\"negate\":false,\"key\":\"tags\",\"value\":\"alert\",\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"tags\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query_string\":{\"query\":\"event_type:ossec\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "OSSEC - Alerts", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "d9096bb0-342f-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern"}], "sort": [1643385898421, 369], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzg5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "OSSEC Alerts - Log Count Over TIme", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"OSSEC Alerts - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "4fa0e530-3644-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d9096bb0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 371], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzkwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "OSSEC Alerts - Alert Level (Pie Chart)", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"OSSEC Alerts - Alert Level (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"alert_level.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Alert Level\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "69d98570-398b-11e7-84f8-a1f7cef50fcb", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d9096bb0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 373], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzkxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "OSSEC Alerts - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"OSSEC Alerts - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG4pcDxQT5EBNmq3pi", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d9096bb0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 375], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzkyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "OSSEC Alerts - Event Summary", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"OSSEC Alerts - Event Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"description.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Description\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Agent\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"Username\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "ee0ba080-4a3d-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d9096bb0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 377], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzkzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "OSSEC Alerts - User to Escalated User (Data Table)", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"OSSEC Alerts - User to Escalated User (Data Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"escalated_user.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Escalated User\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "1de31b40-4a42-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d9096bb0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 379], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzk0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "OSSEC Alerts - Command (Data Table)", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"OSSEC Alerts - Command (Data Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "9ff34f60-4a42-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d9096bb0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 381], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzk1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "OSSEC Alerts - Process and Username (Data Table)", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"OSSEC Alerts - Process and Username (Data Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Process\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "447bd2f0-4a43-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d9096bb0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 383], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzk2LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"h\":60,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"h\":28,\"i\":\"6\",\"w\":16,\"x\":32,\"y\":8},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":true},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"h\":56,\"i\":\"11\",\"w\":48,\"x\":0,\"y\":88},\"panelIndex\":\"11\",\"embeddableConfig\":{\"columns\":[\"alert_level\",\"classification\",\"description\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"h\":8,\"i\":\"12\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"h\":28,\"i\":\"13\",\"w\":24,\"x\":8,\"y\":8},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"h\":24,\"i\":\"14\",\"w\":16,\"x\":32,\"y\":36},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"h\":28,\"i\":\"15\",\"w\":48,\"x\":0,\"y\":60},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"h\":24,\"i\":\"16\",\"w\":24,\"x\":8,\"y\":36},\"panelIndex\":\"16\",\"embeddableConfig\":{\"spy\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "z16.04 - OSSEC Alerts", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "0de7a390-3644-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "4fa0e530-3644-11e7-a6f7-4f44d7bf1c33", "name": "panel_1", "type": "visualization"}, {"id": "69d98570-398b-11e7-84f8-a1f7cef50fcb", "name": "panel_2", "type": "visualization"}, {"id": "d9096bb0-342f-11e7-9e93-53b62e1857b2", "name": "panel_3", "type": "search"}, {"id": "AWDG4pcDxQT5EBNmq3pi", "name": "panel_4", "type": "visualization"}, {"id": "ee0ba080-4a3d-11e8-9b0a-f1d33346f773", "name": "panel_5", "type": "visualization"}, {"id": "1de31b40-4a42-11e8-9b0a-f1d33346f773", "name": "panel_6", "type": "visualization"}, {"id": "9ff34f60-4a42-11e8-9b0a-f1d33346f773", "name": "panel_7", "type": "visualization"}, {"id": "447bd2f0-4a43-11e8-9b0a-f1d33346f773", "name": "panel_8", "type": "visualization"}], "sort": [1643385898421, 393], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzk3LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_snmp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "SNMP - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "b12150a0-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 395], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzk4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SNMP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SNMP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "0defabb0-36b9-11e7-9786-41a1d72e15ad", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "b12150a0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 397], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzNzk5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"}, "title": "Security Onion - Alert Data", "uiStateJSON": "{}", "version": 1, "visState": "{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Playbook](/kibana/app/dashboards#/view/f449f0a0-c77c-11ea-bebb-37c5ab5894ea) \\n[Suricata](/kibana/app/dashboards#/view/81057f40-7733-11ea-bee5-af7f7c7b8e05) \\n[Wazuh](/kibana/app/dashboards#/view/9480f190-7732-11ea-bee5-af7f7c7b8e05) \\n[Zeek](/kibana/app/dashboards#/view/fa9ed760-7734-11ea-bee5-af7f7c7b8e05) \\n\"},\"title\":\"Security Onion - Alert Data\"}"}, "coreMigrationVersion": "7.16.2", "id": "30df00e0-7733-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"visualization": "7.14.0"}, "references": [], "sort": [1643385898421, 398], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODAwLDE1XQ=="} +{"attributes": {"columns": ["_source"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:alert\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Security Onion - Alerts", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "5c3effd0-72ae-11ea-8dd2-9d8795a1200b", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 400], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODAxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Alerts - Count", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Alerts - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"}, "coreMigrationVersion": "7.16.2", "id": "931cb6f0-72ae-11ea-8dd2-9d8795a1200b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "5c3effd0-72ae-11ea-8dd2-9d8795a1200b", "name": "search_0", "type": "search"}], "sort": [1643385898421, 402], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODAyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Alerts Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Alerts Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"}, "coreMigrationVersion": "7.16.2", "id": "b419b100-72ae-11ea-8dd2-9d8795a1200b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "5c3effd0-72ae-11ea-8dd2-9d8795a1200b", "name": "search_0", "type": "search"}], "sort": [1643385898421, 404], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODAzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Rule - Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Rule - Name\"}"}, "coreMigrationVersion": "7.16.2", "id": "508fb520-72af-11ea-8dd2-9d8795a1200b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "5c3effd0-72ae-11ea-8dd2-9d8795a1200b", "name": "search_0", "type": "search"}], "sort": [1643385898421, 406], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODA0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Rule - Severity", "uiStateJSON": "{}", "version": 1, "visState": "{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.severity_label.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"Security Onion - Rule - Severity\"}"}, "coreMigrationVersion": "7.16.2", "id": "a37b9fa0-72b0-11ea-8dd2-9d8795a1200b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 408], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODA1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Rule - Category", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Rule - Category\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "f7e1d570-72ae-11ea-8dd2-9d8795a1200b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "5c3effd0-72ae-11ea-8dd2-9d8795a1200b", "name": "search_0", "type": "search"}], "sort": [1643385898421, 410], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODA2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Destination Ports", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Destination Ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 412], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODA3LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset: alert\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Low & Medium Severity\",\"disabled\":true,\"key\":\"event.severity\",\"negate\":false,\"params\":{\"gte\":1,\"lt\":3},\"type\":\"range\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"range\":{\"event.severity\":{\"gte\":1,\"lt\":3}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"High & Critical Severity\",\"disabled\":true,\"key\":\"event.severity\",\"negate\":false,\"params\":{\"gte\":3,\"lt\":5},\"type\":\"range\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"range\":{\"event.severity\":{\"gte\":3,\"lt\":5}}}]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":8,\"i\":\"c2ddba4b-b0a1-4204-b952-fdc8073dd3c6\"},\"panelIndex\":\"c2ddba4b-b0a1-4204-b952-fdc8073dd3c6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":10,\"y\":0,\"w\":13,\"h\":8,\"i\":\"5a22818d-a0f7-4b39-978f-bee1e4280a54\"},\"panelIndex\":\"5a22818d-a0f7-4b39-978f-bee1e4280a54\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":8,\"i\":\"41a7c313-2dc3-4563-8545-a55f57af532c\"},\"panelIndex\":\"41a7c313-2dc3-4563-8545-a55f57af532c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":29,\"h\":19,\"i\":\"7f00befc-4315-45d2-b686-fa99db9fb79c\"},\"panelIndex\":\"7f00befc-4315-45d2-b686-fa99db9fb79c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":8,\"w\":19,\"h\":19,\"i\":\"1fa5c765-6991-4ece-a6a4-cdb6f2d35553\"},\"panelIndex\":\"1fa5c765-6991-4ece-a6a4-cdb6f2d35553\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":19,\"h\":18,\"i\":\"eee74597-fa74-4bf6-9c71-429bfe4c3ecd\"},\"panelIndex\":\"eee74597-fa74-4bf6-9c71-429bfe4c3ecd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":19,\"y\":27,\"w\":10,\"h\":18,\"i\":\"fa0e8955-a837-400c-abcb-43394471b39d\"},\"panelIndex\":\"fa0e8955-a837-400c-abcb-43394471b39d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":27,\"w\":10,\"h\":18,\"i\":\"b60abef8-9b1e-4bae-ac3f-d7eb5a230430\"},\"panelIndex\":\"b60abef8-9b1e-4bae-ac3f-d7eb5a230430\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":39,\"y\":27,\"w\":9,\"h\":18,\"i\":\"799598a4-39de-455d-bc39-409466b8b119\"},\"panelIndex\":\"799598a4-39de-455d-bc39-409466b8b119\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"a801f4a1-b678-47f2-9602-9c46e65533ca\"},\"panelIndex\":\"a801f4a1-b678-47f2-9602-9c46e65533ca\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]", "timeRestore": false, "title": "Security Onion - Alerts", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "0e4af1d0-72ae-11ea-8dd2-9d8795a1200b", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern"}, {"id": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29", "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern"}, {"id": "30df00e0-7733-11ea-bee5-af7f7c7b8e05", "name": "panel_0", "type": "visualization"}, {"id": "931cb6f0-72ae-11ea-8dd2-9d8795a1200b", "name": "panel_1", "type": "visualization"}, {"id": "b419b100-72ae-11ea-8dd2-9d8795a1200b", "name": "panel_2", "type": "visualization"}, {"id": "508fb520-72af-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "a37b9fa0-72b0-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "f7e1d570-72ae-11ea-8dd2-9d8795a1200b", "name": "panel_5", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_6", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_7", "type": "visualization"}, {"id": "f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_8", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_9", "type": "search"}], "sort": [1643385898421, 425], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODA4LDE1XQ=="} +{"attributes": {"columns": ["event_type", "source_ip", "source_port", "destination_ip", "destination_port", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:sysmon\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Sysmon - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "248c1d20-6d6b-11e7-ad64-15aa071374a6", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 427], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODA5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Sysmon - Summary", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Sysmon - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_hostname.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Hostname\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_hostname.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Hostname\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "0eb1fd80-6d70-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "248c1d20-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 429], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODEwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Kerberos Client", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Kerberos Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"kerberos.client.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "0ecc7310-75bd-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 431], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODExLDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "All Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "aa05e920-3433-11e7-8867-29a39c0f86b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 433], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODEyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Sensors/Devices - Total Number of Logs", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Sensors/Devices - Total Number of Logs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor/Device\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "0f25aac0-3434-11e7-8867-29a39c0f86b2", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "aa05e920-3433-11e7-8867-29a39c0f86b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 435], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODEzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SSH - Direction", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - SSH - Direction\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.direction.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.direction.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Direction\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "104a4a90-75eb-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 437], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODE0LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "destination_ip", "message_types", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dhcp\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "DHCP - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "ac1799d0-342d-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 439], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODE1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "DHCP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DHCP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "1055ada0-3655-11e7-baa7-b7de4ee40605", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "ac1799d0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 441], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODE2LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"9629c970-29fd-421c-a46a-0bf72171818e": {"columnOrder": ["398df44e-6553-4353-b8eb-a2d6c9f83dac"], "columns": {"398df44e-6553-4353-b8eb-a2d6c9f83dac": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.category.keyword : \"registry\" "}, "visualization": {"accessor": "398df44e-6553-4353-b8eb-a2d6c9f83dac", "layerId": "9629c970-29fd-421c-a46a-0bf72171818e", "layerType": "data"}}, "title": "Endgame - All Event.Cat:Registry Logs", "visualizationType": "lnsMetric"}, "coreMigrationVersion": "7.16.2", "id": "10af1a20-6cc9-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-9629c970-29fd-421c-a46a-0bf72171818e", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 445], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODE3LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dce_rpc\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "DCE/RPC - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "913c5b80-3aab-11e7-8b17-0d8709b02c80", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 447], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODE4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DCE/RPC - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DCE/RPC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "10b8a610-3af3-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "913c5b80-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 449], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODE5LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_radius\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "RADIUS - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "75545310-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 451], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODIwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RADIUS - MAC", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RADIUS - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mac.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "10cd7190-3809-11e7-a1cc-ebc6a7e70e84", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "75545310-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 453], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODIxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Source - Sum of Total Bytes ( Tile Map)", "uiStateJSON": "{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}", "version": 1, "visState": "{\"title\":\"Connections - Source - Sum of Total Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "1156b1e0-46c7-11e7-946f-1bfb1be7c36b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 455], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODIyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Logstash - Processing Performance", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Logstash - Processing Performance\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":75,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Log Type\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Average processing time\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"4\",\"label\":\"Standard Deviation of logstash_time\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\",\"customLabel\":\"Average processing time\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_type.keyword\",\"size\":20,\"orderAgg\":{\"id\":\"2-orderAgg\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"orderAgg\",\"params\":{\"field\":\"logstash_time\"}},\"order\":\"desc\",\"orderBy\":\"custom\",\"customLabel\":\"Log Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"std_dev\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "f86bc870-46ce-11e7-946f-1bfb1be7c36b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "aa05e920-3433-11e7-8867-29a39c0f86b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 457], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODIzLDE1XQ=="} +{"attributes": {"columns": ["_source"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"tags:_grokparsefailure OR tags:_csvparsefailure OR tags:_rubyexception\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Errors", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "ef487fd0-46cf-11e7-ba56-317a6969f55c", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 459], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODI0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Logstash - Error Type (Donut Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Logstash - Error Type (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tags.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"exclude\":\"\",\"include\":\"_csvparsefailure|_grokparsefailure|_rubyexception\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "3a273780-46d0-11e7-946f-1bfb1be7c36b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "ef487fd0-46cf-11e7-ba56-317a6969f55c", "name": "search_0", "type": "search"}], "sort": [1643385898421, 461], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODI1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Logstash - Avg Processing Time", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Logstash - Avg Processing Time\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHIynExQT5EBNmq49q", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 463], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODI2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Logstash - Median Processing TIme", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Logstash - Median Processing TIme\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"median\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\",\"percents\":[50]}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHJY1BxQT5EBNmq5Ay", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 465], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODI3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Logstash - Max Processing Time", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Logstash - Max Processing Time\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHJpuBxQT5EBNmq5Cr", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 467], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODI4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"tags:_grokparsefailure OR tags:_csvparsefailure OR tags:_rubyexception\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Logstash - Error Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Logstash - Error Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHKEF2xQT5EBNmq5FA", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 469], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODI5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Sensors/Devices and Services", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Sensors/Devices and Services\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sensor_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "d8214de0-4a3a-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 471], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODMwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":12,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":28,\"x\":8,\"y\":36,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":64,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":64,\"x\":0,\"y\":0,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":64,\"x\":0,\"y\":88,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":12,\"x\":8,\"y\":0,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":12,\"x\":16,\"y\":0,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":12,\"x\":24,\"y\":0,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":12,\"x\":32,\"y\":0,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":28,\"h\":28,\"x\":20,\"y\":36,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]", "timeRestore": false, "title": "z16.04 - Stats", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "130017f0-46ce-11e7-946f-1bfb1be7c36b", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "f86bc870-46ce-11e7-946f-1bfb1be7c36b", "name": "panel_0", "type": "visualization"}, {"id": "0f25aac0-3434-11e7-8867-29a39c0f86b2", "name": "panel_1", "type": "visualization"}, {"id": "3a273780-46d0-11e7-946f-1bfb1be7c36b", "name": "panel_2", "type": "visualization"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_3", "type": "visualization"}, {"id": "ef487fd0-46cf-11e7-ba56-317a6969f55c", "name": "panel_4", "type": "search"}, {"id": "AWDHIynExQT5EBNmq49q", "name": "panel_5", "type": "visualization"}, {"id": "AWDHJY1BxQT5EBNmq5Ay", "name": "panel_6", "type": "visualization"}, {"id": "AWDHJpuBxQT5EBNmq5Cr", "name": "panel_7", "type": "visualization"}, {"id": "AWDHKEF2xQT5EBNmq5FA", "name": "panel_8", "type": "visualization"}, {"id": "d8214de0-4a3a-11e8-9b0a-f1d33346f773", "name": "panel_9", "type": "visualization"}], "sort": [1643385898421, 482], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODMxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Destination - Sum of Total Bytes ( Tile Map)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Connections - Destination - Sum of Total Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "1342e630-4632-11e7-9903-85f789353078", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 484], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODMyLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"9f5d45b0-a078-4f86-b1f0-8e375d4ad641": {"columnOrder": ["b67d303e-9a64-468a-9297-60ee2bb030cf", "8fdfcdad-b05c-410d-a776-3e8ac8a74dc2"], "columns": {"8fdfcdad-b05c-410d-a776-3e8ac8a74dc2": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "b67d303e-9a64-468a-9297-60ee2bb030cf": {"dataType": "string", "isBucketed": true, "label": "Top values of endgame.event_subtype_full", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "8fdfcdad-b05c-410d-a776-3e8ac8a74dc2", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 6}, "scale": "ordinal", "sourceField": "endgame.event_subtype_full"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": ""}, "visualization": {"layers": [{"categoryDisplay": "default", "groups": ["b67d303e-9a64-468a-9297-60ee2bb030cf"], "layerId": "9f5d45b0-a078-4f86-b1f0-8e375d4ad641", "layerType": "data", "legendDisplay": "show", "metric": "8fdfcdad-b05c-410d-a776-3e8ac8a74dc2", "nestedLegend": false, "numberDisplay": "percent"}], "shape": "donut"}}, "title": "Endgame - Event Category Pie Chart", "visualizationType": "lnsPie"}, "coreMigrationVersion": "7.16.2", "id": "137cda90-6a20-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-9f5d45b0-a078-4f86-b1f0-8e375d4ad641", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 488], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODMzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DNS - Response Code Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.response.code_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Response Code Name\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - DNS - Response Code Name\"}"}, "coreMigrationVersion": "7.16.2", "id": "13cda410-c770-11ea-bebb-37c5ab5894ea", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 490], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODM0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Sysmon - Username", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Sysmon - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "13ed0810-6d72-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "248c1d20-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 492], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODM1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Connection State", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Connections - Connection State\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection_state_description.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection State Description\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "13fe29c0-3b17-11e7-b871-5f76306b9694", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 494], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODM2LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_rfb\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "RFB - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "8ba53710-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 496], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODM3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RFB - Exclusive Session (Donut Chart)", "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", "version": 1, "visState": "{\"title\":\"RFB - Exclusive Session (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"share_flag.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "14274040-371f-11e7-90f8-87842d5eedc9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "8ba53710-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 498], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODM4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Agents", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Agents\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"agent.type.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"agent.version.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Version\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "14ed9540-6ed7-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 500], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODM5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "X.509 - Certificate Key Length (Vertical Bar Chart)", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"X.509 - Certificate Key Length (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Key Length\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"certificate_key_length\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Key Length\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "150f7280-6e37-11e7-a8d6-ed2e692de531", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f5038cc0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 502], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODQwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Rule - Description", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Rule - Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "1563f380-7737-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 504], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODQxLDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"(event_type:bro_smb_mapping OR event_type:bro_smb_files)\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "SMB - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "19849f30-3aab-11e7-8b17-0d8709b02c80", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 506], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODQyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMB - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SMB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "15b4e7a0-3aad-11e7-8b17-0d8709b02c80", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "19849f30-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 508], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODQzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DHCP - Server Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - DHCP - Server Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Server Address\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.address.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Address\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "15fa3b30-7375-11ea-a3da-cbdb4f8a90c0", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 510], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODQ0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Modbus - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Modbus - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "178209e0-6e1b-11e7-b553-7f80727663c1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "52dc9fe0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 512], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODQ1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "RDP - Destination Port", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"RDP - Destination Port\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "19dfd180-371c-11e7-90f8-87842d5eedc9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "823dd600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 514], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODQ2LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event_type:ids\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "NIDS - Alerts", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 516], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODQ3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NIDS - Drilldown - Alert Title", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"NIDS - Drilldown - Alert Title\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":12}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"schema\":\"metric\",\"params\":{\"field\":\"alert.keyword\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "1b3faca0-e064-11e9-8f0c-2ddbf5ed9290", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 518], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODQ4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Weird - Source IP Address", "uiStateJSON": "{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Weird - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "1b837b00-364e-11e7-9dc3-d35061cb642d", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "e32d0d50-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 520], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODQ5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Total Log Count Over TIme", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Total Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "1c2aeb50-365e-11e7-b896-5bdd6bfa1561", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "aa05e920-3433-11e7-8867-29a39c0f86b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 522], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODUwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SMB - Service", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SMB - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.service.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "1c6567b0-75f0-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 524], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODUxLDE1XQ=="} +{"attributes": {"columns": ["entry", "entry_location", "image_path", "hostname", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:autoruns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Autoruns - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "dd700830-6d69-11e7-ad64-15aa071374a6", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 526], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODUyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Autoruns - Profile", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Autoruns - Profile\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"profile.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Profile\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "1cd6a970-6d79-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "dd700830-6d69-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 528], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODUzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "ElastAlert - Log Count Over Time", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"ElastAlert - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "969e4820-7dce-11e7-a1a2-3be6827d22ce", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:elastalert_status*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 530], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODU0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "ElastAlert - Alert Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"ElastAlert - Alert Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert_info.type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert Type\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "f7998d60-7dce-11e7-a1a2-3be6827d22ce", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:elastalert_status*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 532], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODU1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "ElastAlert - Rule", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"ElastAlert - Rule\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule_name\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Rule\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "5e1dc100-7dcf-11e7-a1a2-3be6827d22ce", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:elastalert_status*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 534], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODU2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "ElastAlert - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"ElastAlert - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.source.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "8ec77cb0-7dcf-11e7-a1a2-3be6827d22ce", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:elastalert_status*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 536], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODU3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "ElastAlert - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"ElastAlert - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.destination.ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "a26faee0-7dcf-11e7-a1a2-3be6827d22ce", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:elastalert_status*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 538], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODU4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "ElastAlert - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"ElastAlert - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "ce25b750-7dcf-11e7-a1a2-3be6827d22ce", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:elastalert_status*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 540], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODU5LDE1XQ=="} +{"attributes": {"columns": ["rule_name", "matches", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "ElastAlert", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "e8840d40-7dcf-11e7-a1a2-3be6827d22ce", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:elastalert_status*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 542], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODYwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Elastalert - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Elastalert - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG7DVRxQT5EBNmq3zM", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:elastalert_status*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 544], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODYxLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":48,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"columns\":[\"rule_name\",\"matches\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"},\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "z16.04 - ElastAlert", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "1d98d620-7dce-11e7-846a-150cdcaf3374", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "969e4820-7dce-11e7-a1a2-3be6827d22ce", "name": "panel_1", "type": "visualization"}, {"id": "f7998d60-7dce-11e7-a1a2-3be6827d22ce", "name": "panel_2", "type": "visualization"}, {"id": "5e1dc100-7dcf-11e7-a1a2-3be6827d22ce", "name": "panel_3", "type": "visualization"}, {"id": "8ec77cb0-7dcf-11e7-a1a2-3be6827d22ce", "name": "panel_4", "type": "visualization"}, {"id": "a26faee0-7dcf-11e7-a1a2-3be6827d22ce", "name": "panel_5", "type": "visualization"}, {"id": "ce25b750-7dcf-11e7-a1a2-3be6827d22ce", "name": "panel_6", "type": "visualization"}, {"id": "e8840d40-7dcf-11e7-a1a2-3be6827d22ce", "name": "panel_7", "type": "search"}, {"id": "AWDG7DVRxQT5EBNmq3zM", "name": "panel_8", "type": "visualization"}], "sort": [1643385898421, 554], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODYyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DNS - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"DNS - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "1ecdd2e0-34c0-11e7-9b32-bb903919ead9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d46522e0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 556], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODYzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SIP - Method (Horizontal Bar Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"SIP - Method (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"method.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "1ef5c230-6e24-11e7-a261-55504638cf3b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9e131480-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 558], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODY0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - MySQL - Command/Argument", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - MySQL - Command/Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.command.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.argument.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.command.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.argument.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Argument\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "1f306f60-75c0-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 560], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODY1LDE1XQ=="} +{"attributes": {"columns": [], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Endgame", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "20c85b70-53aa-11ec-b3ef-6bcc33056a36", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 562], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODY2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Modbus - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Modbus - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "20eabd60-380b-11e7-a1cc-ebc6a7e70e84", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "52dc9fe0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 564], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODY3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DNP3 - FC Reply", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - DNP3 - FC Reply\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dnp3.fc_reply.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"FC Reply\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "214793c0-75b9-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 566], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODY4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SSL - Destination Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SSL - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "21d090d0-365b-11e7-8bd0-1db2c55fb7a1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c8f21de0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 568], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODY5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "DNS - Response Code (Name)", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DNS - Response Code (Name)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rcode_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code (Name)\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "22f7de30-4949-11e8-9576-313be7c6b44b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d46522e0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 570], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODcwLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"7d4edcbb-fca9-47d9-93df-acba6aaf6f58": {"columnOrder": ["42bc4d8f-a628-4d50-96ac-b186a03aee07", "0601e3c4-200d-4b97-adec-7f6a16209269", "92a4b279-4a18-4513-a75c-52dcf79a6801"], "columns": {"0601e3c4-200d-4b97-adec-7f6a16209269": {"dataType": "date", "isBucketed": true, "label": "@timestamp", "operationType": "date_histogram", "params": {"interval": "auto"}, "scale": "interval", "sourceField": "@timestamp"}, "42bc4d8f-a628-4d50-96ac-b186a03aee07": {"dataType": "string", "isBucketed": true, "label": "Top values of event.action", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "92a4b279-4a18-4513-a75c-52dcf79a6801", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 10}, "scale": "ordinal", "sourceField": "event.action"}, "92a4b279-4a18-4513-a75c-52dcf79a6801": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "network"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "network"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"axisTitlesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "fittingFunction": "None", "gridlinesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "labelsOrientation": {"x": 0, "yLeft": 0, "yRight": 0}, "layers": [{"accessors": ["92a4b279-4a18-4513-a75c-52dcf79a6801"], "layerId": "7d4edcbb-fca9-47d9-93df-acba6aaf6f58", "layerType": "data", "seriesType": "bar_stacked", "splitAccessor": "42bc4d8f-a628-4d50-96ac-b186a03aee07", "xAccessor": "0601e3c4-200d-4b97-adec-7f6a16209269"}], "legend": {"isVisible": true, "position": "right"}, "preferredSeriesType": "bar_stacked", "tickLabelsVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "valueLabels": "hide", "yLeftExtent": {"mode": "full"}, "yRightExtent": {"mode": "full"}}}, "title": "Endgame - Network Category Graph", "visualizationType": "lnsXY"}, "coreMigrationVersion": "7.16.2", "id": "22ffcc70-6322-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-7d4edcbb-fca9-47d9-93df-acba6aaf6f58", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 575], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODcxLDE1XQ=="} +{"attributes": {"columns": ["source_ip", "destination_ip", "destination_port", "resp_fuids", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_http\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "HTTP - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "fad7d170-342d-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 577], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODcyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "HTTP - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"HTTP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "37f19e40-34c6-11e7-8360-0b86c90983fd", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "fad7d170-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 579], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODczLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "HTTP - Sites", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"HTTP - Sites\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "8ba31820-34c6-11e7-8360-0b86c90983fd", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "fad7d170-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 581], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODc0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"\\\"application/x-dosexec\\\"\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "HTTP - Sites Hosting EXEs", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"HTTP - Sites Hosting EXEs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "7153e7f0-34c7-11e7-8360-0b86c90983fd", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 583], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODc1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "HTTP - URIs", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"HTTP - URIs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"uri.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "aa7abb00-34e3-11e7-9669-7f1d3242b798", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "fad7d170-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 585], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODc2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "HTTP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"HTTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "ae1f1fb0-3648-11e7-bf60-314364dd1cde", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "fad7d170-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 587], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODc3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "HTTP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"HTTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "d0f56da0-3648-11e7-bf60-314364dd1cde", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "fad7d170-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 589], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODc4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "HTTP - User Agent", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"HTTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"useragent.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "ae591c20-4164-11e7-9850-b78558d0ac17", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "fad7d170-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 591], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODc5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "HTTP - Referrer", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"HTTP - Referrer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"referrer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "2a7c21d0-4165-11e7-9850-b78558d0ac17", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "fad7d170-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 593], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODgwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "HTTP - MIME Type (Tag Cloud)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"HTTP - MIME Type (Tag Cloud)\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":14,\"maxFontSize\":40,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"resp_mime_types.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "934fe550-6e08-11e7-9370-174c4785d3e1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "fad7d170-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 595], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODgxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "HTTP - Destination Port (Vertical Bar Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"HTTP - Destination Port (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75,\"filter\":true},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "3f4abb40-6e0a-11e7-84cc-b363f104b3c7", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "fad7d170-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 597], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODgyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "HTTP - Destination Country (Vertical Bar Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"HTTP - Destination Country (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "e41a0bd0-6e0a-11e7-84cc-b363f104b3c7", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "fad7d170-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 599], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODgzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "HTTP - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"HTTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG97t7xQT5EBNmq4E1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "fad7d170-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 601], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODg0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "HTTP - Status and Method", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "version": 1, "visState": "{\"title\":\"HTTP - Status and Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Status Message\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"method.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "66faa650-4c99-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "fad7d170-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 603], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODg1LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":52,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":88,\"w\":48,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":112,\"w\":48,\"h\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":136,\"w\":48,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":216,\"w\":48,\"h\":36,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"resp_fuids\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":52,\"w\":24,\"h\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":52,\"w\":24,\"h\":24,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":188,\"w\":48,\"h\":28,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":160,\"w\":48,\"h\":28,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":76,\"w\":48,\"h\":12,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"vis\":{\"colors\":{\"Count\":\"#629E51\"}},\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":28,\"w\":40,\"h\":24,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"}]", "timeRestore": false, "title": "z16.04 - Bro - HTTP", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "230134a0-34c6-11e7-8360-0b86c90983fd", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "37f19e40-34c6-11e7-8360-0b86c90983fd", "name": "panel_1", "type": "visualization"}, {"id": "8ba31820-34c6-11e7-8360-0b86c90983fd", "name": "panel_2", "type": "visualization"}, {"id": "7153e7f0-34c7-11e7-8360-0b86c90983fd", "name": "panel_3", "type": "visualization"}, {"id": "aa7abb00-34e3-11e7-9669-7f1d3242b798", "name": "panel_4", "type": "visualization"}, {"id": "fad7d170-342d-11e7-9e93-53b62e1857b2", "name": "panel_5", "type": "search"}, {"id": "ae1f1fb0-3648-11e7-bf60-314364dd1cde", "name": "panel_6", "type": "visualization"}, {"id": "d0f56da0-3648-11e7-bf60-314364dd1cde", "name": "panel_7", "type": "visualization"}, {"id": "ae591c20-4164-11e7-9850-b78558d0ac17", "name": "panel_8", "type": "visualization"}, {"id": "2a7c21d0-4165-11e7-9850-b78558d0ac17", "name": "panel_9", "type": "visualization"}, {"id": "934fe550-6e08-11e7-9370-174c4785d3e1", "name": "panel_10", "type": "visualization"}, {"id": "3f4abb40-6e0a-11e7-84cc-b363f104b3c7", "name": "panel_11", "type": "visualization"}, {"id": "e41a0bd0-6e0a-11e7-84cc-b363f104b3c7", "name": "panel_12", "type": "visualization"}, {"id": "AWDG97t7xQT5EBNmq4E1", "name": "panel_13", "type": "visualization"}, {"id": "66faa650-4c99-11e8-9b0a-f1d33346f773", "name": "panel_14", "type": "visualization"}], "sort": [1643385898421, 619], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODg2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SSL - Validation Status", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SSL - Validation Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"validation_status.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "23d22bd0-70b4-11e7-810e-2bafe9e41c10", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c8f21de0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 621], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODg3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"}, "title": "Connections - Bytes and Duration", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Connections - Bytes and Duration\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Top Total Bytes](/kibana/app/dashboards#/view/a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b) \\n[Source - Originator Bytes](/kibana/app/dashboards#/view/68f738e0-46ca-11e7-946f-1bfb1be7c36b) | [Destination - Responder Bytes](/kibana/app/dashboards#/view/b65775e0-46cb-11e7-946f-1bfb1be7c36b) \\n[Source - Sum of Total Bytes](/kibana/app/dashboards#/view/f042ad60-46c6-11e7-946f-1bfb1be7c36b) | [Destination - Sum of Total Bytes](/kibana/app/dashboards#/view/ccfcc540-4638-11e7-a82e-d97152153689) \\n[Source - Top Connection Duration](/kibana/app/dashboards#/view/4e108070-46c7-11e7-946f-1bfb1be7c36b) | [Destination - Top Connection Duration](/kibana/app/dashboards#/view/ea211360-46c4-11e7-a82e-d97152153689)\",\"fontSize\":12,\"openLinksInNewTab\":false},\"aggs\":[]}"}, "coreMigrationVersion": "7.16.2", "id": "25ce6eb0-463b-11e7-a82e-d97152153689", "migrationVersion": {"visualization": "7.14.0"}, "references": [], "sort": [1643385898421, 622], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODg4LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_tunnels\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Tunnels - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "d26d5510-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 624], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODg5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Tunnels - Destination Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Tunnels - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "26457730-3808-11e7-a1cc-ebc6a7e70e84", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d26d5510-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 626], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODkwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RFB - Log Count Over TIme", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"RFB - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "265a04d0-3640-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "8ba53710-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 628], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODkxLDE1XQ=="} +{"attributes": {"columns": ["source_ip", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_syslog\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Syslog (Bro) - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "269ca380-76b4-11e7-8c3e-cfcdd8c95d87", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 630], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODkyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.category.keyword : \\\"process\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Endgame - Event.Cat:Process Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Endgame - Event.Cat:Process Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"}, "coreMigrationVersion": "7.16.2", "id": "269cd740-634c-11ec-864c-8b5450f97635", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 633], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODkzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SIP - Method", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SIP - Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.method.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "272b8ab0-75ca-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 635], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODk0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Bro - Connections - Service By Destination Country", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"Bro - Connections - Service By Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\",\"row\":false}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "277f3250-4161-11e7-8493-51634b0a4565", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 637], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODk1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - RADIUS - Result", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - RADIUS - Result\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"radius.result.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "27ab8260-75c5-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 639], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODk2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "FTP - Argument", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp_argument.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "e1907430-35b6-11e7-a994-c528746bc6e8", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f21cb5f0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 641], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODk3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "FTP - Reply Message", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"FTP - Reply Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"reply_message.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reply Message\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "adcd38e0-3679-11e7-8c78-e3086faf385c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f21cb5f0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 643], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODk4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "FTP - Reply Code", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"FTP - Reply Code\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"reply_code.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "a0cb0860-367a-11e7-8c78-e3086faf385c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f21cb5f0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 645], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzODk5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "FTP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"FTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "cf9e5660-367a-11e7-8c78-e3086faf385c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f21cb5f0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 647], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTAwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "FTP - Destination Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"FTP - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "f1d3d070-367a-11e7-8c78-e3086faf385c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f21cb5f0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 649], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTAxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "FTP - Username", "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", "version": 1, "visState": "{\"title\":\"FTP - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "f9904390-3bff-11e7-be35-e7fc4052ff75", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f21cb5f0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 651], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTAyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "FTP - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"FTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "eead8540-6e14-11e7-8624-1fb07dd76c6a", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f21cb5f0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 653], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTAzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "FTP - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"FTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG9sT_xQT5EBNmq4DI", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f21cb5f0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 655], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTA0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "FTP - Command", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"FTP - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp_command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "d5681260-4c8c-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f21cb5f0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 657], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTA1LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":20,\"y\":8,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":32,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":56,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":56,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":32,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"fuid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":8,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]", "timeRestore": false, "title": "z16.04 - Bro - FTP", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "27f3b380-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "06f21d60-35b6-11e7-a994-c528746bc6e8", "name": "panel_1", "type": "visualization"}, {"id": "e1907430-35b6-11e7-a994-c528746bc6e8", "name": "panel_2", "type": "visualization"}, {"id": "adcd38e0-3679-11e7-8c78-e3086faf385c", "name": "panel_3", "type": "visualization"}, {"id": "a0cb0860-367a-11e7-8c78-e3086faf385c", "name": "panel_4", "type": "visualization"}, {"id": "cf9e5660-367a-11e7-8c78-e3086faf385c", "name": "panel_5", "type": "visualization"}, {"id": "f1d3d070-367a-11e7-8c78-e3086faf385c", "name": "panel_6", "type": "visualization"}, {"id": "f9904390-3bff-11e7-be35-e7fc4052ff75", "name": "panel_7", "type": "visualization"}, {"id": "f21cb5f0-342d-11e7-9e93-53b62e1857b2", "name": "panel_8", "type": "search"}, {"id": "eead8540-6e14-11e7-8624-1fb07dd76c6a", "name": "panel_9", "type": "visualization"}, {"id": "AWDG9sT_xQT5EBNmq4DI", "name": "panel_10", "type": "visualization"}, {"id": "d5681260-4c8c-11e8-9b0a-f1d33346f773", "name": "panel_11", "type": "visualization"}], "sort": [1643385898421, 670], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTA2LDE1XQ=="} +{"attributes": {"columns": ["alert_level", "classification", "description"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"event_type:ossec\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "OSSEC - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "efba60c0-3642-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 672], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTA3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "OSSEC - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"OSSEC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "2817b300-3643-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "efba60c0-3642-11e7-a6f7-4f44d7bf1c33", "name": "search_0", "type": "search"}], "sort": [1643385898421, 674], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTA4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - PE - Machine", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.machine.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Machine\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - PE - Machine\"}"}, "coreMigrationVersion": "7.16.2", "id": "282bf2c0-c763-11ea-bebb-37c5ab5894ea", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 676], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTA5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - X.509 - Key Type (Donut)", "uiStateJSON": "{}", "version": 1, "visState": "{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"x509.certificate.key.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.basic_constraints.ca: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"Security Onion - X.509 - Key Type (Donut)\"}"}, "coreMigrationVersion": "7.16.2", "id": "2895c940-75ef-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 678], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTEwLDE1XQ=="} +{"attributes": {"columns": ["_source"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:http\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Security Onion - HTTP", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "9ee33aa0-6eb1-11ea-9266-1fd14ca6af34", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 680], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTExLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - HTTP - Virtual Host", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - HTTP - Virtual Host\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.virtual_host.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Virtual Host\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "28bf2ef0-6eb7-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9ee33aa0-6eb1-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 682], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTEyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Top Source IPs", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Connections - Top Source IPs\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "28c27f80-3b05-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 684], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTEzLDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "request_type", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_kerberos\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Kerberos - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "452daa10-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 686], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTE0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Kerberos - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Kerberos - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "28d04080-3636-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "452daa10-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 688], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTE1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SSH - Client", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SSH - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"CLient\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "292b1db0-75ea-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 690], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTE2LDE1XQ=="} +{"attributes": {"columns": ["file_ip", "destination_ip", "source", "uid", "fuid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type:bro_files\"}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Files - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "e929e8a0-342d-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 692], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTE3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "FIles - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"FIles - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "295d7ed0-3656-11e7-baa7-b7de4ee40605", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "e929e8a0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 694], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTE4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Sysmon - Target Filename", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Sysmon - Target Filename\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"target_filename.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Filename\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "29611940-6d75-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "248c1d20-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 696], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTE5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Source Country", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Connections - Source Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "296823d0-366f-11e7-8c78-e3086faf385c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 698], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTIwLDE1XQ=="} +{"attributes": {"columns": ["action", "reason", "source_ip", "source_port", "destination_ip", "destination_port", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:firewall\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Firewall - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "37c16940-6d6b-11e7-ad64-15aa071374a6", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 700], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTIxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Firewall - Action/Reason (Vertical Bar Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Firewall - Action/Reason (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Action\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"reason.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reason\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "2a1eb100-6d82-11e7-bcd4-0d514e0e7da1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "37c16940-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 702], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTIyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SNMP - Version", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"SNMP - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"version.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "2a3ae810-36ba-11e7-9786-41a1d72e15ad", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "b12150a0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 704], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTIzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DHCP - Lease Time", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - DHCP - Lease Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dhcp.lease_time: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.lease_time\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Lease Time\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "2af5f980-96e2-11ea-814e-bb515e873c2c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 706], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTI0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SSH - Client/Server", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SSH - Client/Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "2bbdc020-6e34-11e7-9a19-a5996f8250c6", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c33e7600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 708], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTI1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.category : \\\"registry\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Endgame - Registry Events", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Endgame - Registry Events\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.hostname\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":7,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"hostname\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"registry.key\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"registry key\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"registry.value\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"value\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"}, "coreMigrationVersion": "7.16.2", "id": "2cb579d0-64bd-11ec-864c-8b5450f97635", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 711], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTI2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Files - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Files - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "6571ee10-3584-11e7-a588-05992195c551", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "e929e8a0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 713], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTI3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Files - Files By Size (Bytes)", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Files - Files By Size (Bytes)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"seen_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Bytes Seen\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "cb3f3850-3585-11e7-8f28-2b291d0f6d86", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "e929e8a0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 715], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTI4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "FIles - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"FIles - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_ip.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "67ab33d0-3656-11e7-baa7-b7de4ee40605", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "e929e8a0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 717], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTI5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Files - MIME Type (Bar Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Files - MIME Type (Bar Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":75,\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"MIME Type\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mimetype.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "8c57f3d0-3674-11e7-8c78-e3086faf385c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "e929e8a0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 719], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTMwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "FIles - MIME Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"FIles - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mimetype.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "aa021c90-3678-11e7-8c78-e3086faf385c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "e929e8a0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 721], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTMxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Files - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Files - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG9goqxQT5EBNmq4BP", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "e929e8a0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 723], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTMyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Files - Source", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Files - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "dff32860-4c8b-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "e929e8a0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 725], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTMzLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"file_ip\",\"destination_ip\",\"source\",\"uid\",\"fuid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":48,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]", "timeRestore": false, "title": "z16.04 - Bro - Files", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "2d315d80-3582-11e7-98ef-19df58fe538b", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "6571ee10-3584-11e7-a588-05992195c551", "name": "panel_0", "type": "visualization"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_1", "type": "visualization"}, {"id": "e929e8a0-342d-11e7-9e93-53b62e1857b2", "name": "panel_2", "type": "search"}, {"id": "cb3f3850-3585-11e7-8f28-2b291d0f6d86", "name": "panel_3", "type": "visualization"}, {"id": "295d7ed0-3656-11e7-baa7-b7de4ee40605", "name": "panel_4", "type": "visualization"}, {"id": "67ab33d0-3656-11e7-baa7-b7de4ee40605", "name": "panel_5", "type": "visualization"}, {"id": "8c57f3d0-3674-11e7-8c78-e3086faf385c", "name": "panel_6", "type": "visualization"}, {"id": "aa021c90-3678-11e7-8c78-e3086faf385c", "name": "panel_7", "type": "visualization"}, {"id": "AWDG9goqxQT5EBNmq4BP", "name": "panel_8", "type": "visualization"}, {"id": "dff32860-4c8b-11e8-9b0a-f1d33346f773", "name": "panel_9", "type": "visualization"}], "sort": [1643385898421, 736], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTM0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Kerberos - Request Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Kerberos - Request Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.request_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request Type\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "2d73e460-75bd-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 738], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTM1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Connections - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "2da139c0-34e7-11e7-9118-45bd317f0ca4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 740], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTM2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "SIP - Content Type (Pie Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"SIP - Content Type (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"content_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "2db47070-3754-11e7-b74a-f5057991ccd2", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9e131480-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 742], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTM3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - X.509 - Subject", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - X.509 - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "e3fb39a0-75ee-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 744], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTM4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - X.509 - SAN DNS", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - X.509 - SAN DNS\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.san_dns.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.san_dns.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SAN DNS\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "47f40770-75ef-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 746], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTM5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - X.509 - Issuer", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - X.509 - Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.certificate.issuer.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.issuer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Issuer\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "b7334c00-75ee-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 748], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTQwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - X509 - Key Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.key.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Key Type\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - X509 - Key Type\"}"}, "coreMigrationVersion": "7.16.2", "id": "8d4a9990-c77c-11ea-bebb-37c5ab5894ea", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 750], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTQxLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:x509\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":8,\"i\":\"2d374b61-ac4b-4f89-aec2-254ab0a2e011\"},\"panelIndex\":\"2d374b61-ac4b-4f89-aec2-254ab0a2e011\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":8,\"i\":\"7372042e-3e70-4764-abb1-0c4c9288ff23\"},\"panelIndex\":\"7372042e-3e70-4764-abb1-0c4c9288ff23\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"eee8c3b6-66eb-4427-99ed-459c294599c7\"},\"panelIndex\":\"eee8c3b6-66eb-4427-99ed-459c294599c7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":30,\"h\":22,\"i\":\"3c5d4fc3-bad7-435e-aadc-21de562b638d\"},\"panelIndex\":\"3c5d4fc3-bad7-435e-aadc-21de562b638d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":22,\"i\":\"3fb3ec30-312a-45aa-93be-b8955615bf71\"},\"panelIndex\":\"3fb3ec30-312a-45aa-93be-b8955615bf71\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":30,\"w\":30,\"h\":21,\"i\":\"0a395978-b95f-4bfc-82fa-737307cd8ebd\"},\"panelIndex\":\"0a395978-b95f-4bfc-82fa-737307cd8ebd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":30,\"w\":18,\"h\":21,\"i\":\"e6e39ec1-063a-4e34-a909-4f47397fa79b\"},\"panelIndex\":\"e6e39ec1-063a-4e34-a909-4f47397fa79b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":51,\"w\":48,\"h\":29,\"i\":\"3fa098f8-4a37-410e-a8f5-fd3667865c3f\"},\"panelIndex\":\"3fa098f8-4a37-410e-a8f5-fd3667865c3f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]", "timeRestore": false, "title": "Security Onion - X509", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "2e0865f0-75ee-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "e3fb39a0-75ee-11ea-9565-7315f4ee5cac", "name": "panel_3", "type": "visualization"}, {"id": "47f40770-75ef-11ea-9565-7315f4ee5cac", "name": "panel_4", "type": "visualization"}, {"id": "b7334c00-75ee-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "8d4a9990-c77c-11ea-bebb-37c5ab5894ea", "name": "panel_6", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_7", "type": "search"}], "sort": [1643385898421, 759], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTQyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - RDP - Cookie", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.cookie.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.cookie.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Cookie\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "2e7363f0-75c6-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 761], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTQzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Autoruns - Entry", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Autoruns - Entry\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"entry.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Entry\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"entry_location.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Entry Location\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "2ef9ccd0-6d7a-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "dd700830-6d69-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 763], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTQ0LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"d3d228ff-cc82-48f3-948f-6dad9c1d9208": {"columnOrder": ["fb32a3f2-725e-4068-abde-754d39d98a5c", "0b079a50-9c2b-47f9-b075-b982490e923c", "0b079a50-9c2b-47f9-b075-b982490e923cX0"], "columns": {"0b079a50-9c2b-47f9-b075-b982490e923c": {"dataType": "number", "isBucketed": false, "label": "count()", "operationType": "formula", "params": {"formula": "count()", "isFormulaBroken": false}, "references": ["0b079a50-9c2b-47f9-b075-b982490e923cX0"], "scale": "ratio"}, "0b079a50-9c2b-47f9-b075-b982490e923cX0": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Part of count()", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "fb32a3f2-725e-4068-abde-754d39d98a5c": {"dataType": "string", "isBucketed": true, "label": "Top values of event.type", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"fallback": true, "type": "alphabetical"}, "orderDirection": "asc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "event.type"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "network"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "network"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"layers": [{"categoryDisplay": "default", "groups": ["fb32a3f2-725e-4068-abde-754d39d98a5c"], "layerId": "d3d228ff-cc82-48f3-948f-6dad9c1d9208", "layerType": "data", "legendDisplay": "show", "metric": "0b079a50-9c2b-47f9-b075-b982490e923c", "nestedLegend": false, "numberDisplay": "percent"}], "palette": {"name": "default", "type": "palette"}, "shape": "donut"}}, "title": "Endgame - Network Type Chart", "visualizationType": "lnsPie"}, "coreMigrationVersion": "7.16.2", "id": "2f20b2c0-6323-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-d3d228ff-cc82-48f3-948f-6dad9c1d9208", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 768], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTQ1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "osquery - Change Stats", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"osquery - Change Stats\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"osquery.hostIdentifier.keyword\",\"customLabel\":\"Endpoints\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "2f556c90-14e3-11e9-82f7-0da02d93a48b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "84116380-14e1-11e9-82f7-0da02d93a48b", "name": "search_0", "type": "search"}], "sort": [1643385898421, 770], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTQ2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Endgame - All Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Endgame - All Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"}, "coreMigrationVersion": "7.16.2", "id": "2f7966b0-53a4-11ec-b3ef-6bcc33056a36", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 773], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTQ3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:files\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - File - Analyzer", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - File - Analyzer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.analyzer.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.analyzer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Analyzer\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "2fc4bea0-7730-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 775], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTQ4LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dnp3\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "DNP3 - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "c2587840-342d-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 777], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTQ5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DNP3 - Log Count Over TIme", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"DNP3 - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "593f1850-3581-11e7-98ef-19df58fe538b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c2587840-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 779], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTUwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DNP3 - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DNP3 - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "dde8c8a0-3719-11e7-90f8-87842d5eedc9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c2587840-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 781], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTUxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DNP3 - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DNP3 - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "ef7546c0-3719-11e7-90f8-87842d5eedc9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c2587840-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 783], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTUyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DNP3 - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DNP3 - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "4898f230-6e0e-11e7-8624-1fb07dd76c6a", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c2587840-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 785], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTUzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DNP3 - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"DNP3 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG9DWvxQT5EBNmq3-m", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c2587840-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 787], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTU0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "DNP3 - Function Request", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DNP3 - Function Request\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"fc_request.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "857c6760-4a4d-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c2587840-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 789], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTU1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "DNP3 - Function Reply", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DNP3 - Function Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"fc_reply.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reply\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "bd5435f0-4a4d-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c2587840-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 791], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTU2LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":12,\"h\":24,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":20,\"y\":32,\"w\":12,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":32,\"w\":16,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "z16.04 - Bro - DNP3", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "2fdf5bf0-3581-11e7-98ef-19df58fe538b", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "593f1850-3581-11e7-98ef-19df58fe538b", "name": "panel_1", "type": "visualization"}, {"id": "dde8c8a0-3719-11e7-90f8-87842d5eedc9", "name": "panel_2", "type": "visualization"}, {"id": "ef7546c0-3719-11e7-90f8-87842d5eedc9", "name": "panel_3", "type": "visualization"}, {"id": "c2587840-342d-11e7-9e93-53b62e1857b2", "name": "panel_4", "type": "search"}, {"id": "4898f230-6e0e-11e7-8624-1fb07dd76c6a", "name": "panel_5", "type": "visualization"}, {"id": "AWDG9DWvxQT5EBNmq3-m", "name": "panel_6", "type": "visualization"}, {"id": "857c6760-4a4d-11e8-9b0a-f1d33346f773", "name": "panel_7", "type": "visualization"}, {"id": "bd5435f0-4a4d-11e8-9b0a-f1d33346f773", "name": "panel_8", "type": "visualization"}], "sort": [1643385898421, 801], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTU3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Intel - Seen (Donut Chart)", "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", "version": 1, "visState": "{\"title\":\"Intel - Seen (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"seen_where.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Seen (Where)\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "3013af40-399b-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0d4e3a60-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 803], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTU4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "RADIUS - Authentication Result", "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", "version": 1, "visState": "{\"title\":\"RADIUS - Authentication Result\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"result.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "30348db0-4a5b-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "75545310-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 805], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTU5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMB - File/Path Summary", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}", "version": 1, "visState": "{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"path.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"action.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "306c4330-4175-11e7-a0f7-47f4c03e3306", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "19849f30-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 807], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTYwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Sysmon - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Sysmon - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_hostname.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "3072c750-6d71-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "248c1d20-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 809], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTYxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "title": "Security Onion - Navigation", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Navigation\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Event Category** \\n[Alert](/kibana/app/dashboards#/view/0e4af1d0-72ae-11ea-8dd2-9d8795a1200b) | \\n[File](/kibana/app/dashboards#/view/0245be10-6ec1-11ea-9266-1fd14ca6af34) |\\n[Host](/kibana/app/dashboards#/view/92e63cc0-6ec0-11ea-9266-1fd14ca6af34) | [Network](/kibana/app/dashboards#/view/04ff3ef0-6ea4-11ea-9266-1fd14ca6af34) \"},\"aggs\":[]}"}, "coreMigrationVersion": "7.16.2", "id": "8cfec8c0-6ec2-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [], "sort": [1643385898421, 810], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTYyLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"*\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":9,\"h\":8,\"i\":\"c706b8e5-9d49-4700-a3ea-26e86ac3a4c4\"},\"panelIndex\":\"c706b8e5-9d49-4700-a3ea-26e86ac3a4c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":0,\"w\":16,\"h\":8,\"i\":\"77c5d557-83e4-40b9-9177-388db29d711d\"},\"panelIndex\":\"77c5d557-83e4-40b9-9177-388db29d711d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":8,\"i\":\"f044ff9c-455a-4085-88c8-92e9ead2bba0\"},\"panelIndex\":\"f044ff9c-455a-4085-88c8-92e9ead2bba0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"54873f75-4452-4938-840d-3a2f50547a88\"},\"panelIndex\":\"54873f75-4452-4938-840d-3a2f50547a88\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":8,\"w\":13,\"h\":19,\"i\":\"30749cb6-18ad-4069-b18d-5912086fff9c\"},\"panelIndex\":\"30749cb6-18ad-4069-b18d-5912086fff9c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":8,\"w\":13,\"h\":19,\"i\":\"7c498d50-d009-493a-a8c9-c91303ad5556\"},\"panelIndex\":\"7c498d50-d009-493a-a8c9-c91303ad5556\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":19,\"i\":\"2f69e716-e6e9-4595-801d-8f59b7d2c574\"},\"panelIndex\":\"2f69e716-e6e9-4595-801d-8f59b7d2c574\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":31,\"i\":\"6ddfd0a2-337e-47d1-8d4c-bc386a4210af\"},\"panelIndex\":\"6ddfd0a2-337e-47d1-8d4c-bc386a4210af\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]", "timeRestore": false, "title": "Security Onion - Indicator", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "30d0ac90-729f-11ea-8dd2-9d8795a1200b", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "8cfec8c0-6ec2-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "d9eb5b30-6ea9-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "ad398b70-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_3", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_5", "type": "visualization"}, {"id": "f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_6", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_7", "type": "search"}], "sort": [1643385898421, 819], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTYzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - HTTP - Destination IPs", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - HTTP - Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "30e97190-6eb6-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9ee33aa0-6eb1-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 821], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTY0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Weird - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Weird - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "312cd460-364e-11e7-9dc3-d35061cb642d", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "e32d0d50-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 823], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTY1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - RFB - Server Version", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.server_major_version.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.server_major_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.server_minor_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Minor Version\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "316e90a0-75c8-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 825], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTY2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "DHCP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DHCP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "317f8410-3655-11e7-baa7-b7de4ee40605", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "ac1799d0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 827], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTY3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMB - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SMB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "31f5e040-3aad-11e7-8b17-0d8709b02c80", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "19849f30-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 829], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTY4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"}, "title": "Security Onion - Host Data", "uiStateJSON": "{}", "version": 1, "visState": "{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Osquery](/kibana/app/dashboards#/view/bf7cf8d0-7732-11ea-bee5-af7f7c7b8e05) \\n[Sysmon](/kibana/app/dashboards#/view/32f01e80-c780-11ea-bebb-37c5ab5894ea) \\n[Wazuh](/kibana/app/dashboards#/view/9480f190-7732-11ea-bee5-af7f7c7b8e05) \\n\"},\"title\":\"Security Onion - Host Data\"}"}, "coreMigrationVersion": "7.16.2", "id": "df50eba0-6ec0-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [], "sort": [1643385898421, 830], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTY5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Username", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Username\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Username\"}"}, "coreMigrationVersion": "7.16.2", "id": "767c89f0-af4c-11ea-b262-353d451b125b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 832], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTcwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Host - Process CLI", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Host - Process CLI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"process.command_line.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.command_line.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Line\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "758187b0-72bd-11ea-8dd2-9d8795a1200b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 834], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTcxLDE1XQ=="} +{"attributes": {"columns": ["host.name", "event.module", "event.dataset", "process.command_line", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.category:host \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [], "title": "Security Onion - Host Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "a866be10-0e45-11eb-a255-e1e8e85e3571", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 836], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTcyLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.module:sysmon\",\"language\":\"kuery\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"7f9eaa30-b358-4027-a312-249defe273c4\"},\"panelIndex\":\"7f9eaa30-b358-4027-a312-249defe273c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":7,\"i\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\"},\"panelIndex\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":7,\"i\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\"},\"panelIndex\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":7,\"w\":12,\"h\":16,\"i\":\"a49b6a25-fbb1-45bb-9585-c6ade0fced1f\"},\"panelIndex\":\"a49b6a25-fbb1-45bb-9585-c6ade0fced1f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":12,\"y\":7,\"w\":12,\"h\":16,\"i\":\"0172c75f-b90b-4bd6-852f-0852a2ace598\"},\"panelIndex\":\"0172c75f-b90b-4bd6-852f-0852a2ace598\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":7,\"w\":24,\"h\":16,\"i\":\"1d246882-3945-4a7e-b602-15ccf3f09310\"},\"panelIndex\":\"1d246882-3945-4a7e-b602-15ccf3f09310\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":48,\"h\":31,\"i\":\"48739737-ef82-4533-9a8e-f9fe0f615b05\"},\"panelIndex\":\"48739737-ef82-4533-9a8e-f9fe0f615b05\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"}]", "timeRestore": false, "title": "Security Onion - Sysmon", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "32f01e80-c780-11ea-bebb-37c5ab5894ea", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "df50eba0-6ec0-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "ad398b70-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_3", "type": "visualization"}, {"id": "767c89f0-af4c-11ea-b262-353d451b125b", "name": "panel_4", "type": "visualization"}, {"id": "758187b0-72bd-11ea-8dd2-9d8795a1200b", "name": "panel_5", "type": "visualization"}, {"id": "a866be10-0e45-11eb-a255-e1e8e85e3571", "name": "panel_6", "type": "search"}], "sort": [1643385898421, 844], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTczLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DNS - Query Type Name (Donut)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - DNS - Query Type Name (Donut)\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dns.query.type_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true}}"}, "coreMigrationVersion": "7.16.2", "id": "336dbde0-88aa-11eb-9841-852c8cc8a2e8", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 846], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTc0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Tunnels - Action (Horizontal Bar Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Tunnels - Action (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "33b39a60-6e35-11e7-9a19-a5996f8250c6", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d26d5510-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 848], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTc1LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_irc\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "IRC - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "344c6010-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 850], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTc2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Bro - Syslog - Severity (Horizontal Bar Chart)", "uiStateJSON": "{\"vis\":{\"legendOpen\":false},\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}", "version": 1, "visState": "{\"title\":\"Bro - Syslog - Severity (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"Severity\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"severity.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Severity\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "346e5c30-76b7-11e7-94e1-3d2ec4e57ed9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "269ca380-76b4-11e7-8c3e-cfcdd8c95d87", "name": "search_0", "type": "search"}], "sort": [1643385898421, 852], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTc3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SMB - Share Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SMB - Share Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.share_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "34762420-75f0-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 854], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTc4LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0": {"columnOrder": ["b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e"], "columns": {"b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "file"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "file"}}}], "query": {"language": "kuery", "query": "event.category.keyword : \"file\""}, "visualization": {"accessor": "b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e", "layerId": "265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0", "layerType": "data"}}, "title": "Endgame - File All Logs", "visualizationType": "lnsMetric"}, "coreMigrationVersion": "7.16.2", "id": "3505d400-6d6d-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 859], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTc5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Intel - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Intel - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "361d0bd0-35b7-11e7-a994-c528746bc6e8", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0d4e3a60-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 861], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTgwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DHCP - Message Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.message_types.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message Type\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - DHCP - Message Type\"}"}, "coreMigrationVersion": "7.16.2", "id": "36200e40-c76b-11ea-bebb-37c5ab5894ea", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 863], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTgxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "osquery - Changes by Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"osquery - Changes by Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Change Type\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "369e16e0-14e4-11e9-82f7-0da02d93a48b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "84116380-14e1-11e9-82f7-0da02d93a48b", "name": "search_0", "type": "search"}], "sort": [1643385898421, 865], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTgyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SSL - Certificate Subject", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SSL - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "3753e110-365a-11e7-bf60-314364dd1cde", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c8f21de0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 867], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTgzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - IRC - Command Info", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - IRC - Command Info\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.command.info.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"irc.command.info.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Info\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "db279540-75bb-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 869], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTg0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - User Command Overview", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - User Command Overview\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.nickname.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Command Type\",\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.username.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.username.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.nickname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.command.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Type\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "f7ee5fb0-75bb-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 871], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTg1LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:irc\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"2d2b4444-14c0-4812-a22e-ca6d509a0c7f\"},\"panelIndex\":\"2d2b4444-14c0-4812-a22e-ca6d509a0c7f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"0035e7f6-2c85-494d-88aa-0f6ebc21f6c8\"},\"panelIndex\":\"0035e7f6-2c85-494d-88aa-0f6ebc21f6c8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"147c5d40-556b-4b41-a1bb-ed0976fae0c8\"},\"panelIndex\":\"147c5d40-556b-4b41-a1bb-ed0976fae0c8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":19,\"i\":\"9a9084a5-0f74-4bdd-befd-b9bece56ea53\"},\"panelIndex\":\"9a9084a5-0f74-4bdd-befd-b9bece56ea53\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":9,\"h\":19,\"i\":\"9ffba622-36f6-4343-b0a3-1c59e3f6d297\"},\"panelIndex\":\"9ffba622-36f6-4343-b0a3-1c59e3f6d297\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":17,\"y\":8,\"w\":15,\"h\":19,\"i\":\"f0f0af04-4f81-437a-ada5-173a1ef8bd11\"},\"panelIndex\":\"f0f0af04-4f81-437a-ada5-173a1ef8bd11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":19,\"i\":\"3dab7339-3266-4127-86f3-eef2108d5dbf\"},\"panelIndex\":\"3dab7339-3266-4127-86f3-eef2108d5dbf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":47,\"h\":29,\"i\":\"f5bae4c6-d940-4a76-ba9c-3d5c5ab6849e\"},\"panelIndex\":\"f5bae4c6-d940-4a76-ba9c-3d5c5ab6849e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]", "timeRestore": false, "title": "Security Onion - IRC", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "38523560-75ba-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "c879ad60-72a1-11ea-8dd2-9d8795a1200b", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "db279540-75bb-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "f7ee5fb0-75bb-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_7", "type": "search"}], "sort": [1643385898421, 880], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTg2LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"d1d0219a-3c5d-4c24-943c-dafe00421b26": {"columnOrder": ["e3d97be9-0be4-484c-96d1-4a0a448d0cc5", "caaf881d-e6f4-42fd-a4a1-4f31bac99ae1", "01d1bced-438c-4d43-8656-c0ccc397b73a", "32e4e9b9-39d0-4f61-827b-d04b53c6963d", "7351d5b7-3a5e-425e-ae08-c2ba2f5fb4b2"], "columns": {"01d1bced-438c-4d43-8656-c0ccc397b73a": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "process.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "7351d5b7-3a5e-425e-ae08-c2ba2f5fb4b2", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 10}, "scale": "ordinal", "sourceField": "process.name"}, "32e4e9b9-39d0-4f61-827b-d04b53c6963d": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "user.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "7351d5b7-3a5e-425e-ae08-c2ba2f5fb4b2", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "user.name"}, "7351d5b7-3a5e-425e-ae08-c2ba2f5fb4b2": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Total network.bytes", "operationType": "sum", "scale": "ratio", "sourceField": "network.bytes"}, "caaf881d-e6f4-42fd-a4a1-4f31bac99ae1": {"customLabel": true, "dataType": "ip", "isBucketed": true, "label": "destination.ip", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "7351d5b7-3a5e-425e-ae08-c2ba2f5fb4b2", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "destination.ip"}, "e3d97be9-0be4-484c-96d1-4a0a448d0cc5": {"customLabel": true, "dataType": "ip", "isBucketed": true, "label": "source.ip", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "7351d5b7-3a5e-425e-ae08-c2ba2f5fb4b2", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "source.ip"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "network"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "network"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "01d1bced-438c-4d43-8656-c0ccc397b73a", "isTransposed": false}, {"columnId": "32e4e9b9-39d0-4f61-827b-d04b53c6963d", "isTransposed": false}, {"columnId": "7351d5b7-3a5e-425e-ae08-c2ba2f5fb4b2", "isTransposed": false}, {"columnId": "e3d97be9-0be4-484c-96d1-4a0a448d0cc5", "isTransposed": false}, {"columnId": "caaf881d-e6f4-42fd-a4a1-4f31bac99ae1", "isTransposed": false}], "layerId": "d1d0219a-3c5d-4c24-943c-dafe00421b26", "layerType": "data"}}, "title": "Endgame - Network Traffic", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "38c95ae0-6e4d-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-d1d0219a-3c5d-4c24-943c-dafe00421b26", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 885], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTg3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "NIDS - Alert Summary - Drilldown", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NIDS - Alert Summary - Drilldown\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "3a1b54b0-e061-11e9-8f0c-2ddbf5ed9290", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 887], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTg4LDE1XQ=="} +{"attributes": {"columns": ["message"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:ossec_archive\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "OSSEC - Archive", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "ebf74e90-342f-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 889], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTg5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "OSSEC - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"OSSEC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHHXl3xQT5EBNmq42U", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "efba60c0-3642-11e7-a6f7-4f44d7bf1c33", "name": "search_0", "type": "search"}], "sort": [1643385898421, 891], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTkwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":8,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"alert_level\",\"classification\",\"description\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":48,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"columns\":[\"message\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"}]", "timeRestore": false, "title": "z16.04 - OSSEC", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "3a457d70-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "2817b300-3643-11e7-a6f7-4f44d7bf1c33", "name": "panel_1", "type": "visualization"}, {"id": "efba60c0-3642-11e7-a6f7-4f44d7bf1c33", "name": "panel_2", "type": "search"}, {"id": "ebf74e90-342f-11e7-9e93-53b62e1857b2", "name": "panel_3", "type": "search"}, {"id": "AWDHHXl3xQT5EBNmq42U", "name": "panel_4", "type": "visualization"}], "sort": [1643385898421, 897], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTkxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Endgame - All Log Count Over Time Stacked Bar Graph", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Endgame - All Log Count Over Time Stacked Bar Graph\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"row\":true}}"}, "coreMigrationVersion": "7.16.2", "id": "3ae34620-6258-11ec-864c-8b5450f97635", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 900], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTkyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - MySQL - Response", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - MySQL - Response\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.response.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "3af496e0-75c0-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 902], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTkzLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"9643f560-7a46-408c-b61d-ed2a87fc6103": {"columnOrder": ["305b2f21-9981-40d5-a79b-f7a78eea89b4", "3520723b-f0f3-4845-975c-e97380d8124b"], "columns": {"305b2f21-9981-40d5-a79b-f7a78eea89b4": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "process.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "3520723b-f0f3-4845-975c-e97380d8124b", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 20}, "scale": "ordinal", "sourceField": "process.name"}, "3520723b-f0f3-4845-975c-e97380d8124b": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.kind : \"alert\" "}, "visualization": {"layers": [{"categoryDisplay": "default", "groups": ["305b2f21-9981-40d5-a79b-f7a78eea89b4"], "layerId": "9643f560-7a46-408c-b61d-ed2a87fc6103", "layerType": "data", "legendDisplay": "default", "metric": "3520723b-f0f3-4845-975c-e97380d8124b", "nestedLegend": false, "numberDisplay": "percent"}], "palette": {"name": "kibana_palette", "type": "palette"}, "shape": "treemap"}}, "title": "Endgame - Alerted Processes", "visualizationType": "lnsPie"}, "coreMigrationVersion": "7.16.2", "id": "3b3e2860-6cc1-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-9643f560-7a46-408c-b61d-ed2a87fc6103", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 906], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTk0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Endgame - Hosts", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Endgame - Hosts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"}, "coreMigrationVersion": "7.16.2", "id": "3b50b220-53ab-11ec-b3ef-6bcc33056a36", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 908], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTk1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"}, "savedSearchRefName": "search_0", "title": "Sysmon - Image", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "version": 1, "visState": "{\"title\":\"Sysmon - Image\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"None\",\"exclude\":\"\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"parent_image_path.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"None\",\"exclude\":\"\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Parent Image\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "3b6c92c0-6d72-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "248c1d20-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 910], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTk2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Syslog - Priority (Vertical bar Chart)", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"Syslog - Priority (Vertical bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Priority\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"syslog-priority.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Priority\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "3bf1fdc0-76e6-11e7-ab14-e1a4c1bc11e0", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0", "name": "search_0", "type": "search"}], "sort": [1643385898421, 912], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTk3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "IRC - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"IRC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "3c073d20-6e17-11e7-8624-1fb07dd76c6a", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "344c6010-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 914], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTk4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Modbus - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Modbus - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "3c65f500-380b-11e7-a1cc-ebc6a7e70e84", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "52dc9fe0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 916], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzEzOTk5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Tunnels - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Tunnels - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "3cdf2400-3808-11e7-a1cc-ebc6a7e70e84", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d26d5510-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 918], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDAwLDE1XQ=="} +{"attributes": {"description": null, "state": {"datasourceStates": {"indexpattern": {"layers": {"ada16f03-98be-4005-a5de-c8d6ab2f41b0": {"columnOrder": ["c6cd0d5c-dbcb-47e3-9849-af365d083036", "b8110029-a497-4182-982f-dc8a78dc672d", "ae6e4640-cf44-48dd-9d9d-8849ed9af262"], "columns": {"ae6e4640-cf44-48dd-9d9d-8849ed9af262": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "b8110029-a497-4182-982f-dc8a78dc672d": {"dataType": "string", "isBucketed": true, "label": "Top values of event.module.keyword", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "ae6e4640-cf44-48dd-9d9d-8849ed9af262", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "event.module.keyword"}, "c6cd0d5c-dbcb-47e3-9849-af365d083036": {"dataType": "string", "isBucketed": true, "label": "Top values of event.category.keyword", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "ae6e4640-cf44-48dd-9d9d-8849ed9af262", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "event.category.keyword"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": ""}, "visualization": {"layers": [{"categoryDisplay": "default", "groups": ["c6cd0d5c-dbcb-47e3-9849-af365d083036", "b8110029-a497-4182-982f-dc8a78dc672d"], "layerId": "ada16f03-98be-4005-a5de-c8d6ab2f41b0", "layerType": "data", "legendDisplay": "default", "metric": "ae6e4640-cf44-48dd-9d9d-8849ed9af262", "nestedLegend": true, "numberDisplay": "percent", "percentDecimals": 2}], "palette": {"name": "status", "type": "palette"}, "shape": "pie"}}, "title": "Security Onion - Data Overview (Lens)", "visualizationType": "lnsPie"}, "coreMigrationVersion": "7.16.2", "id": "3e1a8260-8809-11eb-9841-852c8cc8a2e8", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "logs-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29", "name": "indexpattern-datasource-layer-ada16f03-98be-4005-a5de-c8d6ab2f41b0", "type": "index-pattern"}], "sort": [1643385898421, 921], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDAxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - File - Source", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - File - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.action.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "3e6037d0-75f2-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 923], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDAyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "NIDS - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NIDS - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "3f040620-4a44-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 925], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDAzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Kerberos - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Kerberos - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "3f34faa0-3636-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "452daa10-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 927], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDA0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Agent - Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Agent - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "407784f0-7738-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 929], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDA1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Connections - Top 10 - Total Bytes By Source IP", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Source IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "41a33c80-3b0d-11e7-a6f9-5d3fe735ec2b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 931], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDA2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "X.509 - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"X.509 - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "41bee360-3642-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f5038cc0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 933], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDA3LDE1XQ=="} +{"attributes": {"columns": ["_source"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:creation_date AND creation_date:[now-3M TO now]\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "DNS - Domains with creation date < 3 months", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "fce833e0-6f12-11e7-86c8-a1b6db3b051a", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 935], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDA4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DNS - Baby Domain Requests", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DNS - Baby Domain Requests\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"creation_date\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "41ec0ca0-6f13-11e7-86c8-a1b6db3b051a", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "fce833e0-6f12-11e7-86c8-a1b6db3b051a", "name": "search_0", "type": "search"}], "sort": [1643385898421, 937], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDA5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SNMP - Community String", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"snmp.community.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"snmp.community.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Community String\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "424ace90-75e9-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 939], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDEwLDE1XQ=="} +{"attributes": {"columns": [], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"process\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"process\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Endgame - Process Search", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "424d7a60-6f0b-11ec-864c-8b5450f97635", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern"}], "sort": [1643385898421, 942], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDExLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"10863c78-73fc-4739-88ea-b6e3419da4db": {"columnOrder": ["e472c6a1-d786-43f7-95f0-df55a990e268", "4e101a7c-04a5-4ab9-96c5-ef10fc92547b"], "columns": {"4e101a7c-04a5-4ab9-96c5-ef10fc92547b": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "e472c6a1-d786-43f7-95f0-df55a990e268": {"dataType": "date", "isBucketed": true, "label": "@timestamp", "operationType": "date_histogram", "params": {"interval": "auto"}, "scale": "interval", "sourceField": "@timestamp"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "file"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "file"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"axisTitlesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "fittingFunction": "None", "gridlinesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "labelsOrientation": {"x": 0, "yLeft": 0, "yRight": 0}, "layers": [{"accessors": ["4e101a7c-04a5-4ab9-96c5-ef10fc92547b"], "layerId": "10863c78-73fc-4739-88ea-b6e3419da4db", "layerType": "data", "position": "top", "seriesType": "line", "showGridlines": false, "xAccessor": "e472c6a1-d786-43f7-95f0-df55a990e268"}], "legend": {"isVisible": true, "position": "right"}, "preferredSeriesType": "line", "tickLabelsVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "valueLabels": "hide", "yLeftExtent": {"mode": "full"}, "yRightExtent": {"mode": "full"}}}, "title": "Endgame - File Log Count Over Time", "visualizationType": "lnsXY"}, "coreMigrationVersion": "7.16.2", "id": "42a22c30-6d6d-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-10863c78-73fc-4739-88ea-b6e3419da4db", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 947], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDEyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "DCE/RPC - Summary", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DCE/RPC - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"endpoint.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"operation.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"named_pipe.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "42b17660-4a47-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "913c5b80-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 949], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDEzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Syslog - Log Count Over Time", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"Syslog - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 10 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "79a2a4e0-76e5-11e7-ab14-e1a4c1bc11e0", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0", "name": "search_0", "type": "search"}], "sort": [1643385898421, 951], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDE0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Syslog - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-sourceip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "e7a99b10-76e5-11e7-ab14-e1a4c1bc11e0", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0", "name": "search_0", "type": "search"}], "sort": [1643385898421, 953], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDE1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Syslog - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Syslog - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHKVLMxQT5EBNmq5HX", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0", "name": "search_0", "type": "search"}], "sort": [1643385898421, 955], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDE2LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":60,\"x\":0,\"y\":48,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"syslog-host_from\",\"syslog-priority\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"}]", "timeRestore": false, "title": "z16.04 - Syslog", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "4323af90-76e5-11e7-ab14-e1a4c1bc11e0", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "79a2a4e0-76e5-11e7-ab14-e1a4c1bc11e0", "name": "panel_1", "type": "visualization"}, {"id": "e7a99b10-76e5-11e7-ab14-e1a4c1bc11e0", "name": "panel_2", "type": "visualization"}, {"id": "0a2ce700-76e6-11e7-ab14-e1a4c1bc11e0", "name": "panel_3", "type": "visualization"}, {"id": "3bf1fdc0-76e6-11e7-ab14-e1a4c1bc11e0", "name": "panel_4", "type": "visualization"}, {"id": "5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0", "name": "panel_5", "type": "search"}, {"id": "AWDHKVLMxQT5EBNmq5HX", "name": "panel_6", "type": "visualization"}], "sort": [1643385898421, 963], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDE3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Tunnels - Type (Pie Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Tunnels - Type (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tunnel_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "43b2b040-3807-11e7-a1cc-ebc6a7e70e84", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d26d5510-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 965], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDE4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "X.509 - Certificate Key Algorithm (Horizontal Bar Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"X.509 - Certificate Key Algorithm (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"certificate_key_algorithm.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Algorithm\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "446e85c0-6e37-11e7-a8d6-ed2e692de531", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f5038cc0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 967], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDE5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Least Common HTTP Methods", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Least Common HTTP Methods\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":13,\"maxFontSize\":39,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.method.keyword\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "6411e5b0-6eb2-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9ee33aa0-6eb1-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 969], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDIwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - HTTP - Source IPs", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - HTTP - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "6d0fb2b0-6eb6-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9ee33aa0-6eb1-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 971], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDIxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - HTTP - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - HTTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "51ad64d0-6eb7-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9ee33aa0-6eb1-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 973], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDIyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - HTTP - UserAgent", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - HTTP - UserAgent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.useragent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"UserAgent\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "c2f93f40-6ed7-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9ee33aa0-6eb1-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 975], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDIzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - HTTP - URI", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - HTTP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"http.uri.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URI\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "f22e8660-6eb6-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9ee33aa0-6eb1-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 977], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDI0LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:http\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"6e3caf86-a1ea-4363-9c73-205de5f43ba9\"},\"panelIndex\":\"6e3caf86-a1ea-4363-9c73-205de5f43ba9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"0b0546ef-637b-4a40-b87b-a454b78cc810\"},\"panelIndex\":\"0b0546ef-637b-4a40-b87b-a454b78cc810\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"9c49b93a-5b5d-4613-8342-c01c69970bce\"},\"panelIndex\":\"9c49b93a-5b5d-4613-8342-c01c69970bce\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":18,\"i\":\"15d7c88b-1619-4290-8968-fa2adfddd72f\"},\"panelIndex\":\"15d7c88b-1619-4290-8968-fa2adfddd72f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":18,\"i\":\"d1219968-6b7f-4040-9c75-0611b9cbf8a0\"},\"panelIndex\":\"d1219968-6b7f-4040-9c75-0611b9cbf8a0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":9,\"w\":9,\"h\":18,\"i\":\"377e3099-7aec-474c-9201-2f1845c58d24\"},\"panelIndex\":\"377e3099-7aec-474c-9201-2f1845c58d24\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":9,\"w\":23,\"h\":18,\"i\":\"1b444602-2f1c-4c32-85fc-1e5f46235303\"},\"panelIndex\":\"1b444602-2f1c-4c32-85fc-1e5f46235303\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":11,\"h\":18,\"i\":\"9b1df72c-b6fd-4abd-a961-32176c26cc3d\"},\"panelIndex\":\"9b1df72c-b6fd-4abd-a961-32176c26cc3d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":11,\"y\":27,\"w\":10,\"h\":18,\"i\":\"52c3ab70-9b8d-4c26-953d-f1a943fdff38\"},\"panelIndex\":\"52c3ab70-9b8d-4c26-953d-f1a943fdff38\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":21,\"y\":27,\"w\":27,\"h\":18,\"i\":\"ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2\"},\"panelIndex\":\"ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"17d41692-eb81-4c13-aaa3-2a4bccc125df\"},\"panelIndex\":\"17d41692-eb81-4c13-aaa3-2a4bccc125df\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]", "timeRestore": false, "title": "Security Onion - HTTP", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "44e9c820-6eb1-11ea-9266-1fd14ca6af34", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "6411e5b0-6eb2-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6d0fb2b0-6eb6-11ea-9266-1fd14ca6af34", "name": "panel_3", "type": "visualization"}, {"id": "30e97190-6eb6-11ea-9266-1fd14ca6af34", "name": "panel_4", "type": "visualization"}, {"id": "51ad64d0-6eb7-11ea-9266-1fd14ca6af34", "name": "panel_5", "type": "visualization"}, {"id": "c2f93f40-6ed7-11ea-9266-1fd14ca6af34", "name": "panel_6", "type": "visualization"}, {"id": "088aad70-7377-11ea-a3da-cbdb4f8a90c0", "name": "panel_7", "type": "visualization"}, {"id": "28bf2ef0-6eb7-11ea-9266-1fd14ca6af34", "name": "panel_8", "type": "visualization"}, {"id": "f22e8660-6eb6-11ea-9266-1fd14ca6af34", "name": "panel_9", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_10", "type": "search"}], "sort": [1643385898421, 989], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDI1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Modbus - Function", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Modbus - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"function.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Function\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "453f8b90-4a58-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "52dc9fe0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 991], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDI2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "NIDS Alerts - Category", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"NIDS Alerts - Category\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Category\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"category.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Category\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "45464b50-3af6-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 993], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDI3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "DNS - Query Class (Pie Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"DNS - Query Class (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"query_class_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Class\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "45a652b0-34c1-11e7-917c-af7a9d11771a", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d46522e0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 995], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDI4LDE1XQ=="} +{"attributes": {"columns": ["message", "fuid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_pe\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "PE - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "66288140-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 997], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDI5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "PE - OS (Pie Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"PE - OS (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"os.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "45c4ae10-380c-11e7-a1cc-ebc6a7e70e84", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "66288140-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 999], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDMwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SSH - Server", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SSH - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.server.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.server.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "46221fe0-75ea-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1001], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDMxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DCE/RPC - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"DCE/RPC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "cbb67b00-3af2-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "913c5b80-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1003], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDMyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DCE/RPC - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DCE/RPC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "f52f8bc0-3af2-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "913c5b80-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1005], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDMzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DCE/RPC - Endpoint", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"endpoint.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "553acbb0-3af3-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "913c5b80-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1007], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDM0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DCE/RPC - Named Pipe", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DCE/RPC - Named Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"named_pipe.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "6b7122d0-3af3-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "913c5b80-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1009], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDM1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DCE/RPC - Operation", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"operation.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "86107960-3af3-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "913c5b80-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1011], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDM2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "DCE/RPC - Round Trip Time", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DCE/RPC - Round Trip Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rtt\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Round Trip Time\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "f275f490-3af3-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "913c5b80-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1013], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDM3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DCE/RPC - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"DCE/RPC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG8k4OxQT5EBNmq37a", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "913c5b80-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1015], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDM4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "DCE/RPC - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DCE/RPC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "d979b0f0-4a45-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "913c5b80-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1017], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDM5LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":104,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":80,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":8,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":80,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]", "timeRestore": false, "title": "z16.04 - Bro - DCE/RPC", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "46582d50-3af2-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "913c5b80-3aab-11e7-8b17-0d8709b02c80", "name": "panel_0", "type": "search"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_1", "type": "visualization"}, {"id": "cbb67b00-3af2-11e7-a83b-b1b4da7d15f4", "name": "panel_2", "type": "visualization"}, {"id": "f52f8bc0-3af2-11e7-a83b-b1b4da7d15f4", "name": "panel_3", "type": "visualization"}, {"id": "10b8a610-3af3-11e7-a83b-b1b4da7d15f4", "name": "panel_4", "type": "visualization"}, {"id": "553acbb0-3af3-11e7-a83b-b1b4da7d15f4", "name": "panel_5", "type": "visualization"}, {"id": "6b7122d0-3af3-11e7-a83b-b1b4da7d15f4", "name": "panel_6", "type": "visualization"}, {"id": "86107960-3af3-11e7-a83b-b1b4da7d15f4", "name": "panel_7", "type": "visualization"}, {"id": "f275f490-3af3-11e7-a83b-b1b4da7d15f4", "name": "panel_8", "type": "visualization"}, {"id": "AWDG8k4OxQT5EBNmq37a", "name": "panel_9", "type": "visualization"}, {"id": "d979b0f0-4a45-11e8-9b0a-f1d33346f773", "name": "panel_10", "type": "visualization"}, {"id": "42b17660-4a47-11e8-9b0a-f1d33346f773", "name": "panel_11", "type": "visualization"}], "sort": [1643385898421, 1030], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDQwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Intel - Source", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Intel - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sources.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "613de590-399b-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0d4e3a60-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1032], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDQxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Intel - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Intel - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "a5571030-399b-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0d4e3a60-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1034], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDQyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Intel - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Intel - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "ba2d3b10-399b-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0d4e3a60-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1036], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDQzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Intel - Indicator", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Intel - Indicator\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"indicator.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Indicator\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "6380b430-399c-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0d4e3a60-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1038], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDQ0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Intel - MIME Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Intel - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mimetype.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "af614b80-399c-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0d4e3a60-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1040], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDQ1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Intel - Matched", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Intel - Matched\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"matched.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type Matched\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "c8540380-399c-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0d4e3a60-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1042], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDQ2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Intel - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Intel - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "a5bcec80-6e15-11e7-8624-1fb07dd76c6a", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0d4e3a60-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1044], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDQ3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Intel - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Intel - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG-Qf8xQT5EBNmq4G5", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0d4e3a60-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1046], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDQ4LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":72,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":28,\"h\":24,\"x\":20,\"y\":48,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":0,\"y\":48,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"fuid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":72,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"}]", "timeRestore": false, "title": "z16.04 - Bro - Intel", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "468022c0-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "361d0bd0-35b7-11e7-a994-c528746bc6e8", "name": "panel_1", "type": "visualization"}, {"id": "3013af40-399b-11e7-8472-0151e5b2b475", "name": "panel_2", "type": "visualization"}, {"id": "613de590-399b-11e7-8472-0151e5b2b475", "name": "panel_3", "type": "visualization"}, {"id": "a5571030-399b-11e7-8472-0151e5b2b475", "name": "panel_4", "type": "visualization"}, {"id": "ba2d3b10-399b-11e7-8472-0151e5b2b475", "name": "panel_5", "type": "visualization"}, {"id": "6380b430-399c-11e7-8472-0151e5b2b475", "name": "panel_6", "type": "visualization"}, {"id": "af614b80-399c-11e7-8472-0151e5b2b475", "name": "panel_7", "type": "visualization"}, {"id": "c8540380-399c-11e7-8472-0151e5b2b475", "name": "panel_8", "type": "visualization"}, {"id": "0d4e3a60-342e-11e7-9e93-53b62e1857b2", "name": "panel_9", "type": "search"}, {"id": "a5bcec80-6e15-11e7-8624-1fb07dd76c6a", "name": "panel_10", "type": "visualization"}, {"id": "07622d60-6e16-11e7-8624-1fb07dd76c6a", "name": "panel_11", "type": "visualization"}, {"id": "AWDG-Qf8xQT5EBNmq4G5", "name": "panel_12", "type": "visualization"}], "sort": [1643385898421, 1060], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDQ5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Autoruns - Category", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"Autoruns - Category\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"title\":{\"text\":\"Category\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"category.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Category\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "482be9b0-6d78-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "dd700830-6d69-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1062], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDUwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Kerberos - Service", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Kerberos - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"kerberos.service.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.service.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "48331f00-75bd-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1064], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDUxLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"860e44c0-e06a-4d8a-9172-b542532df353": {"columnOrder": ["55eacb06-199f-41eb-b6dc-b5b1407b7073", "0c6f3897-05c7-4aa3-90e5-17f58946a3af", "63defa8c-527b-4165-9fb9-4e564bd03695"], "columns": {"0c6f3897-05c7-4aa3-90e5-17f58946a3af": {"dataType": "date", "isBucketed": true, "label": "@timestamp", "operationType": "date_histogram", "params": {"interval": "auto"}, "scale": "interval", "sourceField": "@timestamp"}, "55eacb06-199f-41eb-b6dc-b5b1407b7073": {"dataType": "string", "isBucketed": true, "label": "Top values of event.action", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "63defa8c-527b-4165-9fb9-4e564bd03695", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "event.action"}, "63defa8c-527b-4165-9fb9-4e564bd03695": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "file"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "file"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"axisTitlesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "fittingFunction": "None", "gridlinesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "labelsOrientation": {"x": 0, "yLeft": 0, "yRight": 0}, "layers": [{"accessors": ["63defa8c-527b-4165-9fb9-4e564bd03695"], "layerId": "860e44c0-e06a-4d8a-9172-b542532df353", "layerType": "data", "position": "top", "seriesType": "bar_stacked", "showGridlines": false, "splitAccessor": "55eacb06-199f-41eb-b6dc-b5b1407b7073", "xAccessor": "0c6f3897-05c7-4aa3-90e5-17f58946a3af"}], "legend": {"isVisible": true, "position": "right"}, "preferredSeriesType": "bar_stacked", "tickLabelsVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "valueLabels": "hide", "yLeftExtent": {"mode": "full"}, "yRightExtent": {"mode": "full"}}}, "title": "Endgame - File Event Action", "visualizationType": "lnsXY"}, "coreMigrationVersion": "7.16.2", "id": "4d6bdc60-6d6d-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-860e44c0-e06a-4d8a-9172-b542532df353", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1069], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDUyLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"b12aced8-11a0-4a83-a7c5-129f142e8f04": {"columnOrder": ["bc61b519-0caa-4bf7-bbe7-6077fb307d0a", "f549d182-14e5-4395-b185-4cd192e4030c"], "columns": {"bc61b519-0caa-4bf7-bbe7-6077fb307d0a": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "user.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "f549d182-14e5-4395-b185-4cd192e4030c", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 20}, "scale": "ordinal", "sourceField": "user.name"}, "f549d182-14e5-4395-b185-4cd192e4030c": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "file"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "file"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "bc61b519-0caa-4bf7-bbe7-6077fb307d0a"}, {"columnId": "f549d182-14e5-4395-b185-4cd192e4030c"}], "layerId": "b12aced8-11a0-4a83-a7c5-129f142e8f04", "layerType": "data"}}, "title": "Endgame - File Username", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "5a43fa30-6d6d-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-b12aced8-11a0-4a83-a7c5-129f142e8f04", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1074], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDUzLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"e5f77e35-1bc5-4487-9602-e2962cafa87b": {"columnOrder": ["ade5af28-bac8-4a2d-adff-28580282a9d2", "bb5f0057-5e74-4baf-9839-aff53de6d145", "e480935c-b388-48c6-9582-fb4600b462fb"], "columns": {"ade5af28-bac8-4a2d-adff-28580282a9d2": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "file.name", "operationType": "terms", "params": {"missingBucket": true, "orderBy": {"columnId": "e480935c-b388-48c6-9582-fb4600b462fb", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 25}, "scale": "ordinal", "sourceField": "file.name"}, "bb5f0057-5e74-4baf-9839-aff53de6d145": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "file.path", "operationType": "terms", "params": {"missingBucket": true, "orderBy": {"columnId": "e480935c-b388-48c6-9582-fb4600b462fb", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "file.path"}, "e480935c-b388-48c6-9582-fb4600b462fb": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "file"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "file"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "ade5af28-bac8-4a2d-adff-28580282a9d2", "isTransposed": false}, {"columnId": "e480935c-b388-48c6-9582-fb4600b462fb", "isTransposed": false}, {"columnId": "bb5f0057-5e74-4baf-9839-aff53de6d145", "isTransposed": false}], "layerId": "e5f77e35-1bc5-4487-9602-e2962cafa87b", "layerType": "data"}}, "title": "Endgame - File Name", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "676296e0-6d6d-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1079], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDU0LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"377145dd-d931-4e01-8719-fa4e36df631a": {"columnOrder": ["6ba09492-0ce8-4f51-9263-e85a0a74225c", "123ad80c-6989-4387-a25a-9f0a60d6ea7b"], "columns": {"123ad80c-6989-4387-a25a-9f0a60d6ea7b": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "6ba09492-0ce8-4f51-9263-e85a0a74225c": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "host.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "123ad80c-6989-4387-a25a-9f0a60d6ea7b", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "host.name"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "file"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "file"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "6ba09492-0ce8-4f51-9263-e85a0a74225c"}, {"columnId": "123ad80c-6989-4387-a25a-9f0a60d6ea7b"}], "layerId": "377145dd-d931-4e01-8719-fa4e36df631a", "layerType": "data"}}, "title": "Endgame - File Hostname", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "74daec50-6d6d-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-377145dd-d931-4e01-8719-fa4e36df631a", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1084], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDU1LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"3320254d-3b41-4746-946e-70357e58da19": {"columnOrder": ["4a9a0ae7-34cc-407e-8f0c-a60c234179b7", "9ee7fb17-68de-4b29-b3e8-21336f4b15ca"], "columns": {"4a9a0ae7-34cc-407e-8f0c-a60c234179b7": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "event.type", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "9ee7fb17-68de-4b29-b3e8-21336f4b15ca", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "event.type"}, "9ee7fb17-68de-4b29-b3e8-21336f4b15ca": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "file"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "file"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"layers": [{"categoryDisplay": "default", "groups": ["4a9a0ae7-34cc-407e-8f0c-a60c234179b7"], "layerId": "3320254d-3b41-4746-946e-70357e58da19", "layerType": "data", "legendDisplay": "default", "metric": "9ee7fb17-68de-4b29-b3e8-21336f4b15ca", "nestedLegend": false, "numberDisplay": "percent"}], "shape": "donut"}}, "title": "Endgame - File Event Type (Donut)", "visualizationType": "lnsPie"}, "coreMigrationVersion": "7.16.2", "id": "82ab9af0-6d6d-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-3320254d-3b41-4746-946e-70357e58da19", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1089], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDU2LDE1XQ=="} +{"attributes": {"columns": ["file.name", "file.directory"], "description": "", "grid": {}, "hideChart": false, "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Endgame - File Search", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "90facda0-6f08-11ec-864c-8b5450f97635", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern"}], "sort": [1643385898421, 1092], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDU3LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"}, "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}", "panelsJSON": "[{\"version\":\"7.16.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":12,\"i\":\"d3fd89cc-9483-41b1-90e8-c2e86b862d4c\"},\"panelIndex\":\"d3fd89cc-9483-41b1-90e8-c2e86b862d4c\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame Alerts](https://ENDGAMEHOST/alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}},\"panelRefName\":\"panel_d3fd89cc-9483-41b1-90e8-c2e86b862d4c\"},{\"version\":\"7.16.2\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":0,\"w\":13,\"h\":12,\"i\":\"dcf897df-beb2-4a1b-86b2-4b8b0370aa94\"},\"panelIndex\":\"dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"3505d400-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"type\":\"lens\"},{\"id\":\"3505d400-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"type\":\"lens\"},{\"id\":\"3505d400-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"type\":\"lens\"},{\"id\":\"3505d400-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0\",\"accessor\":\"b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e\",\"layerType\":\"data\"},\"query\":{\"query\":\"event.category.keyword : \\\"file\\\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0\":{\"columns\":{\"b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"b2fc5f2d-52a4-4e20-9ca6-1afad1b8b45e\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - File All Logs\",\"panelRefName\":\"panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94\"},{\"version\":\"7.16.2\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":12,\"i\":\"fb5061a4-571d-4f4d-a3b5-fd7851d324ca\"},\"panelIndex\":\"fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"42a22c30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"type\":\"lens\"},{\"id\":\"42a22c30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"type\":\"lens\"},{\"id\":\"42a22c30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"type\":\"lens\"},{\"id\":\"42a22c30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-10863c78-73fc-4739-88ea-b6e3419da4db\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"10863c78-73fc-4739-88ea-b6e3419da4db\",\"accessors\":[\"4e101a7c-04a5-4ab9-96c5-ef10fc92547b\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"e472c6a1-d786-43f7-95f0-df55a990e268\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"10863c78-73fc-4739-88ea-b6e3419da4db\":{\"columns\":{\"e472c6a1-d786-43f7-95f0-df55a990e268\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"4e101a7c-04a5-4ab9-96c5-ef10fc92547b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"e472c6a1-d786-43f7-95f0-df55a990e268\",\"4e101a7c-04a5-4ab9-96c5-ef10fc92547b\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - File Log Count Over Time\",\"panelRefName\":\"panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca\"},{\"version\":\"7.16.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":12,\"w\":32,\"h\":16,\"i\":\"30774bd7-ee7f-4c21-aa67-104e961664ee\"},\"panelIndex\":\"30774bd7-ee7f-4c21-aa67-104e961664ee\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"4d6bdc60-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\",\"type\":\"lens\"},{\"id\":\"4d6bdc60-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\",\"type\":\"lens\"},{\"id\":\"4d6bdc60-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\",\"type\":\"lens\"},{\"id\":\"4d6bdc60-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-860e44c0-e06a-4d8a-9172-b542532df353\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"},\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"860e44c0-e06a-4d8a-9172-b542532df353\",\"accessors\":[\"63defa8c-527b-4165-9fb9-4e564bd03695\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"0c6f3897-05c7-4aa3-90e5-17f58946a3af\",\"splitAccessor\":\"55eacb06-199f-41eb-b6dc-b5b1407b7073\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"860e44c0-e06a-4d8a-9172-b542532df353\":{\"columns\":{\"55eacb06-199f-41eb-b6dc-b5b1407b7073\":{\"label\":\"Top values of event.action\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.action\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"63defa8c-527b-4165-9fb9-4e564bd03695\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"0c6f3897-05c7-4aa3-90e5-17f58946a3af\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"63defa8c-527b-4165-9fb9-4e564bd03695\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"55eacb06-199f-41eb-b6dc-b5b1407b7073\",\"0c6f3897-05c7-4aa3-90e5-17f58946a3af\",\"63defa8c-527b-4165-9fb9-4e564bd03695\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - File Event Action\",\"panelRefName\":\"panel_30774bd7-ee7f-4c21-aa67-104e961664ee\"},{\"version\":\"7.16.2\",\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":12,\"w\":16,\"h\":16,\"i\":\"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\"},\"panelIndex\":\"8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"5a43fa30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"type\":\"lens\"},{\"id\":\"5a43fa30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"type\":\"lens\"},{\"id\":\"5a43fa30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"type\":\"lens\"},{\"id\":\"5a43fa30-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-b12aced8-11a0-4a83-a7c5-129f142e8f04\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"b12aced8-11a0-4a83-a7c5-129f142e8f04\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"bc61b519-0caa-4bf7-bbe7-6077fb307d0a\"},{\"columnId\":\"f549d182-14e5-4395-b185-4cd192e4030c\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"b12aced8-11a0-4a83-a7c5-129f142e8f04\":{\"columns\":{\"bc61b519-0caa-4bf7-bbe7-6077fb307d0a\":{\"label\":\"Top values of user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f549d182-14e5-4395-b185-4cd192e4030c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"f549d182-14e5-4395-b185-4cd192e4030c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"bc61b519-0caa-4bf7-bbe7-6077fb307d0a\",\"f549d182-14e5-4395-b185-4cd192e4030c\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - File Username\",\"panelRefName\":\"panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1\"},{\"version\":\"7.16.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":23,\"h\":31,\"i\":\"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\"},\"panelIndex\":\"cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\"},{\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\"},{\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\"},{\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"e5f77e35-1bc5-4487-9602-e2962cafa87b\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"ade5af28-bac8-4a2d-adff-28580282a9d2\"},{\"isTransposed\":false,\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},{\"columnId\":\"bb5f0057-5e74-4baf-9839-aff53de6d145\",\"isTransposed\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"e5f77e35-1bc5-4487-9602-e2962cafa87b\":{\"columns\":{\"ade5af28-bac8-4a2d-adff-28580282a9d2\":{\"label\":\"Top values of file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}},\"e480935c-b388-48c6-9582-fb4600b462fb\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"bb5f0057-5e74-4baf-9839-aff53de6d145\":{\"label\":\"Top values of file.path\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.path\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}}},\"columnOrder\":[\"ade5af28-bac8-4a2d-adff-28580282a9d2\",\"bb5f0057-5e74-4baf-9839-aff53de6d145\",\"e480935c-b388-48c6-9582-fb4600b462fb\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - File Name\",\"panelRefName\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\"},{\"version\":\"7.16.2\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":28,\"w\":25,\"h\":11,\"i\":\"7e1aecd8-bbbe-453c-868b-8335f5ab65ea\"},\"panelIndex\":\"7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"74daec50-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"type\":\"lens\"},{\"id\":\"74daec50-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"type\":\"lens\"},{\"id\":\"74daec50-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"type\":\"lens\"},{\"id\":\"74daec50-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-377145dd-d931-4e01-8719-fa4e36df631a\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"377145dd-d931-4e01-8719-fa4e36df631a\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"6ba09492-0ce8-4f51-9263-e85a0a74225c\"},{\"columnId\":\"123ad80c-6989-4387-a25a-9f0a60d6ea7b\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"377145dd-d931-4e01-8719-fa4e36df631a\":{\"columns\":{\"6ba09492-0ce8-4f51-9263-e85a0a74225c\":{\"label\":\"Top values of host.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"123ad80c-6989-4387-a25a-9f0a60d6ea7b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"123ad80c-6989-4387-a25a-9f0a60d6ea7b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"6ba09492-0ce8-4f51-9263-e85a0a74225c\",\"123ad80c-6989-4387-a25a-9f0a60d6ea7b\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - File Hostname\",\"panelRefName\":\"panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea\"},{\"version\":\"7.16.2\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":39,\"w\":25,\"h\":20,\"i\":\"9fa50224-7ba0-4adb-806a-bca0ddaf81d0\"},\"panelIndex\":\"9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"id\":\"82ab9af0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"type\":\"lens\"},{\"id\":\"82ab9af0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"type\":\"lens\"},{\"id\":\"82ab9af0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"type\":\"lens\"},{\"id\":\"82ab9af0-6d6d-11ec-864c-8b5450f97635\",\"name\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\",\"type\":\"lens\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-3320254d-3b41-4746-946e-70357e58da19\",\"type\":\"index-pattern\"},{\"id\":\"endgame-*\",\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"3320254d-3b41-4746-946e-70357e58da19\",\"groups\":[\"4a9a0ae7-34cc-407e-8f0c-a60c234179b7\"],\"metric\":\"9ee7fb17-68de-4b29-b3e8-21336f4b15ca\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"3320254d-3b41-4746-946e-70357e58da19\":{\"columns\":{\"4a9a0ae7-34cc-407e-8f0c-a60c234179b7\":{\"label\":\"Top values of event.type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.type\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9ee7fb17-68de-4b29-b3e8-21336f4b15ca\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"9ee7fb17-68de-4b29-b3e8-21336f4b15ca\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"4a9a0ae7-34cc-407e-8f0c-a60c234179b7\",\"9ee7fb17-68de-4b29-b3e8-21336f4b15ca\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"fa53d234-1d45-4a90-8468-631012e68ce8\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Go to File Dashboard\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true}}}]}}},\"title\":\"Endgame - File Event Type (Donut)\",\"panelRefName\":\"panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0\"},{\"version\":\"7.16.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":59,\"w\":48,\"h\":16,\"i\":\"0f24d345-114e-44a8-ac45-75258008cf3b\"},\"panelIndex\":\"0f24d345-114e-44a8-ac45-75258008cf3b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0f24d345-114e-44a8-ac45-75258008cf3b\"}]", "timeRestore": false, "title": "Endgame - File", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "4923ad00-6349-11ec-864c-8b5450f97635", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "754f7380-6d82-11ec-864c-8b5450f97635", "name": "d3fd89cc-9483-41b1-90e8-c2e86b862d4c:panel_d3fd89cc-9483-41b1-90e8-c2e86b862d4c", "type": "visualization"}, {"id": "3505d400-6d6d-11ec-864c-8b5450f97635", "name": "dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94", "type": "lens"}, {"id": "3505d400-6d6d-11ec-864c-8b5450f97635", "name": "dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94", "type": "lens"}, {"id": "3505d400-6d6d-11ec-864c-8b5450f97635", "name": "dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94", "type": "lens"}, {"id": "3505d400-6d6d-11ec-864c-8b5450f97635", "name": "dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94", "type": "lens"}, {"id": "3505d400-6d6d-11ec-864c-8b5450f97635", "name": "dcf897df-beb2-4a1b-86b2-4b8b0370aa94:panel_dcf897df-beb2-4a1b-86b2-4b8b0370aa94", "type": "lens"}, {"id": "endgame-*", "name": "dcf897df-beb2-4a1b-86b2-4b8b0370aa94:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "dcf897df-beb2-4a1b-86b2-4b8b0370aa94:indexpattern-datasource-layer-265fc12b-5b8f-4440-9d9a-77ca0e8b2ac0", "type": "index-pattern"}, {"id": "endgame-*", "name": "dcf897df-beb2-4a1b-86b2-4b8b0370aa94:filter-index-pattern-0", "type": "index-pattern"}, {"id": "42a22c30-6d6d-11ec-864c-8b5450f97635", "name": "fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca", "type": "lens"}, {"id": "42a22c30-6d6d-11ec-864c-8b5450f97635", "name": "fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca", "type": "lens"}, {"id": "42a22c30-6d6d-11ec-864c-8b5450f97635", "name": "fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca", "type": "lens"}, {"id": "42a22c30-6d6d-11ec-864c-8b5450f97635", "name": "fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca", "type": "lens"}, {"id": "42a22c30-6d6d-11ec-864c-8b5450f97635", "name": "fb5061a4-571d-4f4d-a3b5-fd7851d324ca:panel_fb5061a4-571d-4f4d-a3b5-fd7851d324ca", "type": "lens"}, {"id": "endgame-*", "name": "fb5061a4-571d-4f4d-a3b5-fd7851d324ca:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "fb5061a4-571d-4f4d-a3b5-fd7851d324ca:indexpattern-datasource-layer-10863c78-73fc-4739-88ea-b6e3419da4db", "type": "index-pattern"}, {"id": "endgame-*", "name": "fb5061a4-571d-4f4d-a3b5-fd7851d324ca:filter-index-pattern-0", "type": "index-pattern"}, {"id": "4d6bdc60-6d6d-11ec-864c-8b5450f97635", "name": "30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee", "type": "lens"}, {"id": "4d6bdc60-6d6d-11ec-864c-8b5450f97635", "name": "30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee", "type": "lens"}, {"id": "4d6bdc60-6d6d-11ec-864c-8b5450f97635", "name": "30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee", "type": "lens"}, {"id": "4d6bdc60-6d6d-11ec-864c-8b5450f97635", "name": "30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee", "type": "lens"}, {"id": "4d6bdc60-6d6d-11ec-864c-8b5450f97635", "name": "30774bd7-ee7f-4c21-aa67-104e961664ee:panel_30774bd7-ee7f-4c21-aa67-104e961664ee", "type": "lens"}, {"id": "endgame-*", "name": "30774bd7-ee7f-4c21-aa67-104e961664ee:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "30774bd7-ee7f-4c21-aa67-104e961664ee:indexpattern-datasource-layer-860e44c0-e06a-4d8a-9172-b542532df353", "type": "index-pattern"}, {"id": "endgame-*", "name": "30774bd7-ee7f-4c21-aa67-104e961664ee:filter-index-pattern-0", "type": "index-pattern"}, {"id": "5a43fa30-6d6d-11ec-864c-8b5450f97635", "name": "8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1", "type": "lens"}, {"id": "5a43fa30-6d6d-11ec-864c-8b5450f97635", "name": "8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1", "type": "lens"}, {"id": "5a43fa30-6d6d-11ec-864c-8b5450f97635", "name": "8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1", "type": "lens"}, {"id": "5a43fa30-6d6d-11ec-864c-8b5450f97635", "name": "8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1", "type": "lens"}, {"id": "5a43fa30-6d6d-11ec-864c-8b5450f97635", "name": "8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:panel_8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1", "type": "lens"}, {"id": "endgame-*", "name": "8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:indexpattern-datasource-layer-b12aced8-11a0-4a83-a7c5-129f142e8f04", "type": "index-pattern"}, {"id": "endgame-*", "name": "8e44a14b-ce7e-4ebf-a1b1-478eb4cab7c1:filter-index-pattern-0", "type": "index-pattern"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2", "type": "lens"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2", "type": "lens"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2", "type": "lens"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2", "type": "lens"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2", "type": "lens"}, {"id": "endgame-*", "name": "cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b", "type": "index-pattern"}, {"id": "endgame-*", "name": "cd2e58e6-ecaf-46ff-89ae-3f6c104137b2:filter-index-pattern-0", "type": "index-pattern"}, {"id": "74daec50-6d6d-11ec-864c-8b5450f97635", "name": "7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea", "type": "lens"}, {"id": "74daec50-6d6d-11ec-864c-8b5450f97635", "name": "7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea", "type": "lens"}, {"id": "74daec50-6d6d-11ec-864c-8b5450f97635", "name": "7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea", "type": "lens"}, {"id": "74daec50-6d6d-11ec-864c-8b5450f97635", "name": "7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea", "type": "lens"}, {"id": "74daec50-6d6d-11ec-864c-8b5450f97635", "name": "7e1aecd8-bbbe-453c-868b-8335f5ab65ea:panel_7e1aecd8-bbbe-453c-868b-8335f5ab65ea", "type": "lens"}, {"id": "endgame-*", "name": "7e1aecd8-bbbe-453c-868b-8335f5ab65ea:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "7e1aecd8-bbbe-453c-868b-8335f5ab65ea:indexpattern-datasource-layer-377145dd-d931-4e01-8719-fa4e36df631a", "type": "index-pattern"}, {"id": "endgame-*", "name": "7e1aecd8-bbbe-453c-868b-8335f5ab65ea:filter-index-pattern-0", "type": "index-pattern"}, {"id": "82ab9af0-6d6d-11ec-864c-8b5450f97635", "name": "9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0", "type": "lens"}, {"id": "82ab9af0-6d6d-11ec-864c-8b5450f97635", "name": "9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0", "type": "lens"}, {"id": "82ab9af0-6d6d-11ec-864c-8b5450f97635", "name": "9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0", "type": "lens"}, {"id": "82ab9af0-6d6d-11ec-864c-8b5450f97635", "name": "9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0", "type": "lens"}, {"id": "82ab9af0-6d6d-11ec-864c-8b5450f97635", "name": "9fa50224-7ba0-4adb-806a-bca0ddaf81d0:panel_9fa50224-7ba0-4adb-806a-bca0ddaf81d0", "type": "lens"}, {"id": "endgame-*", "name": "9fa50224-7ba0-4adb-806a-bca0ddaf81d0:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "9fa50224-7ba0-4adb-806a-bca0ddaf81d0:indexpattern-datasource-layer-3320254d-3b41-4746-946e-70357e58da19", "type": "index-pattern"}, {"id": "endgame-*", "name": "9fa50224-7ba0-4adb-806a-bca0ddaf81d0:filter-index-pattern-0", "type": "index-pattern"}, {"id": "4923ad00-6349-11ec-864c-8b5450f97635", "name": "9fa50224-7ba0-4adb-806a-bca0ddaf81d0:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:fa53d234-1d45-4a90-8468-631012e68ce8:dashboardId", "type": "dashboard"}, {"id": "90facda0-6f08-11ec-864c-8b5450f97635", "name": "0f24d345-114e-44a8-ac45-75258008cf3b:panel_0f24d345-114e-44a8-ac45-75258008cf3b", "type": "search"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1153], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDU4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SIP - Request From", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SIP - Request From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.request.from.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.request.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request From\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "49384710-75ca-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1155], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDU5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"network.transport:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Network - Transport", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Network - Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"network.transport: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Transport\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "499a0690-6ead-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1157], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDYwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Strelka - File - Source", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Strelka - File - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "49cfe850-772c-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1159], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDYxLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"3a9904aa-0df2-48a5-b981-ae47f20e29d3": {"columnOrder": ["37a5b642-e2c0-4005-88c9-d4e1f9016648"], "columns": {"37a5b642-e2c0-4005-88c9-d4e1f9016648": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Logs", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "network"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "network"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"accessor": "37a5b642-e2c0-4005-88c9-d4e1f9016648", "layerId": "3a9904aa-0df2-48a5-b981-ae47f20e29d3", "layerType": "data"}}, "title": "Endgame - Network Metric", "visualizationType": "lnsMetric"}, "coreMigrationVersion": "7.16.2", "id": "ec0fa520-6329-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-3a9904aa-0df2-48a5-b981-ae47f20e29d3", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1164], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDYyLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"909005b3-b986-4bf6-9504-f4a9c877a966": {"columnOrder": ["b65c177b-364a-4656-854a-69e6b07f05ff", "98109e10-1bb1-4a93-bd3f-64a228aba2c4"], "columns": {"98109e10-1bb1-4a93-bd3f-64a228aba2c4": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "b65c177b-364a-4656-854a-69e6b07f05ff": {"dataType": "string", "isBucketed": true, "label": "Top values of network.transport", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "98109e10-1bb1-4a93-bd3f-64a228aba2c4", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "network.transport"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "network"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "network"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"layers": [{"categoryDisplay": "default", "groups": ["b65c177b-364a-4656-854a-69e6b07f05ff"], "layerId": "909005b3-b986-4bf6-9504-f4a9c877a966", "layerType": "data", "legendDisplay": "show", "metric": "98109e10-1bb1-4a93-bd3f-64a228aba2c4", "nestedLegend": false, "numberDisplay": "percent"}], "shape": "donut"}}, "title": "Endgame - Network Protocol", "visualizationType": "lnsPie"}, "coreMigrationVersion": "7.16.2", "id": "a82d8250-6324-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-909005b3-b986-4bf6-9504-f4a9c877a966", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1169], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDYzLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"f2b4871a-9aca-4016-848c-331b8c221cf7": {"columnOrder": ["a06965e8-9258-490d-9765-54afc2fb5073", "e81257d5-bbe1-406d-b8b7-01db30a05390"], "columns": {"a06965e8-9258-490d-9765-54afc2fb5073": {"customLabel": true, "dataType": "ip", "isBucketed": true, "label": "source.ip", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "e81257d5-bbe1-406d-b8b7-01db30a05390", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 100}, "scale": "ordinal", "sourceField": "source.ip"}, "e81257d5-bbe1-406d-b8b7-01db30a05390": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "a06965e8-9258-490d-9765-54afc2fb5073"}, {"columnId": "e81257d5-bbe1-406d-b8b7-01db30a05390"}], "layerId": "f2b4871a-9aca-4016-848c-331b8c221cf7", "layerType": "data"}}, "title": "Endgame - Network Source IP", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "ac2e7c60-6e41-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-f2b4871a-9aca-4016-848c-331b8c221cf7", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1173], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDY0LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"d76872f3-61fb-4b26-8440-0ca886e33224": {"columnOrder": ["822af2db-f82f-4f05-a4c3-8c6b7808d79a", "6f747e8d-b264-42e8-ae88-2df81bf5bfa5"], "columns": {"6f747e8d-b264-42e8-ae88-2df81bf5bfa5": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "822af2db-f82f-4f05-a4c3-8c6b7808d79a": {"customLabel": true, "dataType": "ip", "isBucketed": true, "label": "destination.ip", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "6f747e8d-b264-42e8-ae88-2df81bf5bfa5", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 100}, "scale": "ordinal", "sourceField": "destination.ip"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "822af2db-f82f-4f05-a4c3-8c6b7808d79a"}, {"columnId": "6f747e8d-b264-42e8-ae88-2df81bf5bfa5"}], "layerId": "d76872f3-61fb-4b26-8440-0ca886e33224", "layerType": "data"}}, "title": "Endgame - Network Destination IP", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "c7f8be60-6e41-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-d76872f3-61fb-4b26-8440-0ca886e33224", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1177], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDY1LDE1XQ=="} +{"attributes": {"columns": [], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"network\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"network\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Endgame - Network Search", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "4e1aa7c0-6ed2-11ec-864c-8b5450f97635", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern"}], "sort": [1643385898421, 1180], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDY2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Endgame - Network Heatmap", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 5,500,000,000\":\"rgb(247,252,245)\",\"5,500,000,000 - 11,000,000,000\":\"rgb(198,232,191)\",\"11,000,000,000 - 16,500,000,000\":\"rgb(114,195,120)\",\"16,500,000,000 - 22,000,000,000\":\"rgb(34,139,69)\"},\"legendOpen\":true}}", "version": 1, "visState": "{\"title\":\"Endgame - Network Heatmap\",\"type\":\"heatmap\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":17,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"source.ip\"},\"schema\":\"group\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"destination.ip\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"heatmap\",\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":4,\"colorSchema\":\"Greens\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"overwriteColor\":false,\"color\":\"black\"}}]}}"}, "coreMigrationVersion": "7.16.2", "id": "de389910-6f0a-11ec-864c-8b5450f97635", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "4e1aa7c0-6ed2-11ec-864c-8b5450f97635", "name": "search_0", "type": "search"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1183], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDY3LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"89c7faa8-15c2-4772-95a6-8049a683be1a": {"columnOrder": ["0cf6d6cf-9585-4e5f-8729-af8484507670", "fa5a503a-c448-4dc7-8b1e-5679822218ae", "e520b985-a9b8-4183-b29c-61373ed817c8", "9079d4df-8e60-4749-bc38-b3b52782f71d"], "columns": {"0cf6d6cf-9585-4e5f-8729-af8484507670": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "dns.question.type", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "9079d4df-8e60-4749-bc38-b3b52782f71d", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 100}, "scale": "ordinal", "sourceField": "dns.question.type"}, "9079d4df-8e60-4749-bc38-b3b52782f71d": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "e520b985-a9b8-4183-b29c-61373ed817c8": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "dns.question.registered_domain", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "9079d4df-8e60-4749-bc38-b3b52782f71d", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 100}, "scale": "ordinal", "sourceField": "dns.question.registered_domain"}, "fa5a503a-c448-4dc7-8b1e-5679822218ae": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "dns.question.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "9079d4df-8e60-4749-bc38-b3b52782f71d", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 100}, "scale": "ordinal", "sourceField": "dns.question.name"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "network"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "network"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "0cf6d6cf-9585-4e5f-8729-af8484507670", "isTransposed": false}, {"columnId": "e520b985-a9b8-4183-b29c-61373ed817c8", "isTransposed": false}, {"columnId": "fa5a503a-c448-4dc7-8b1e-5679822218ae", "isTransposed": false}, {"columnId": "9079d4df-8e60-4749-bc38-b3b52782f71d", "isTransposed": false}], "layerId": "89c7faa8-15c2-4772-95a6-8049a683be1a", "layerType": "data"}}, "title": "Endgame - DNS Records", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "85048e40-6329-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-89c7faa8-15c2-4772-95a6-8049a683be1a", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1188], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDY4LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"6eb1c7b4-ab7b-4b99-8113-5e5eec2db2f6": {"columnOrder": ["bc7ded30-7099-4284-93f9-61bc44cd1b20", "1219efed-4a09-4e75-b721-b5b581968e14"], "columns": {"1219efed-4a09-4e75-b721-b5b581968e14": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "bc7ded30-7099-4284-93f9-61bc44cd1b20": {"dataType": "string", "isBucketed": true, "label": "Top values of user.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "1219efed-4a09-4e75-b721-b5b581968e14", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "user.name"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "network"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "network"}}}, {"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-1", "key": "event.type", "negate": false, "params": {"query": "info"}, "type": "phrase"}, "query": {"match_phrase": {"event.type": "info"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"layers": [{"categoryDisplay": "default", "groups": ["bc7ded30-7099-4284-93f9-61bc44cd1b20", "bc7ded30-7099-4284-93f9-61bc44cd1b20"], "layerId": "6eb1c7b4-ab7b-4b99-8113-5e5eec2db2f6", "layerType": "data", "legendDisplay": "show", "metric": "1219efed-4a09-4e75-b721-b5b581968e14", "nestedLegend": false, "numberDisplay": "percent"}], "shape": "donut"}}, "title": "Endgame - DNS Requests Chart", "visualizationType": "lnsPie"}, "coreMigrationVersion": "7.16.2", "id": "f30bef10-6328-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-6eb1c7b4-ab7b-4b99-8113-5e5eec2db2f6", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-1", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1194], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDY5LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"}, "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}", "panelsJSON": "[{\"version\":\"7.16.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":10,\"i\":\"5485c8f5-90ea-409f-8522-f0a58716a12e\"},\"panelIndex\":\"5485c8f5-90ea-409f-8522-f0a58716a12e\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame Alerts](https://ENDGAMEHOST/alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_5485c8f5-90ea-409f-8522-f0a58716a12e\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":0,\"w\":14,\"h\":10,\"i\":\"2fcc00ab-4db8-4760-9bd0-111a3cd1c822\"},\"panelIndex\":\"2fcc00ab-4db8-4760-9bd0-111a3cd1c822\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2fcc00ab-4db8-4760-9bd0-111a3cd1c822\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":12,\"h\":13,\"i\":\"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\"},\"panelIndex\":\"0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\",\"type\":\"lens\",\"id\":\"a82d8250-6324-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-909005b3-b986-4bf6-9504-f4a9c877a966\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"909005b3-b986-4bf6-9504-f4a9c877a966\",\"groups\":[\"b65c177b-364a-4656-854a-69e6b07f05ff\"],\"metric\":\"98109e10-1bb1-4a93-bd3f-64a228aba2c4\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"layerType\":\"data\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"909005b3-b986-4bf6-9504-f4a9c877a966\":{\"columns\":{\"b65c177b-364a-4656-854a-69e6b07f05ff\":{\"label\":\"Top values of network.transport\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.transport\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"98109e10-1bb1-4a93-bd3f-64a228aba2c4\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"98109e10-1bb1-4a93-bd3f-64a228aba2c4\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"b65c177b-364a-4656-854a-69e6b07f05ff\",\"98109e10-1bb1-4a93-bd3f-64a228aba2c4\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network Transport\",\"panelRefName\":\"panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":0,\"w\":12,\"h\":13,\"i\":\"3db56ff3-17bb-4304-95ca-5b7b6254257a\"},\"panelIndex\":\"3db56ff3-17bb-4304-95ca-5b7b6254257a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3db56ff3-17bb-4304-95ca-5b7b6254257a\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":10,\"w\":24,\"h\":19,\"i\":\"0fd77215-f380-4e05-8e8d-7eff24e7eb10\"},\"panelIndex\":\"0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\",\"type\":\"lens\",\"id\":\"22ffcc70-6322-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-7d4edcbb-fca9-47d9-93df-acba6aaf6f58\"}],\"state\":{\"visualization\":{\"layerId\":\"7d4edcbb-fca9-47d9-93df-acba6aaf6f58\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"0cbe5805-5e69-4a7e-a5ef-21dfabd592f5\"},{\"columnId\":\"92a4b279-4a18-4513-a75c-52dcf79a6801\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"7d4edcbb-fca9-47d9-93df-acba6aaf6f58\":{\"columns\":{\"0cbe5805-5e69-4a7e-a5ef-21dfabd592f5\":{\"label\":\"Top values of event.category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.category\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"92a4b279-4a18-4513-a75c-52dcf79a6801\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"92a4b279-4a18-4513-a75c-52dcf79a6801\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"0cbe5805-5e69-4a7e-a5ef-21dfabd592f5\",\"92a4b279-4a18-4513-a75c-52dcf79a6801\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network Events\",\"panelRefName\":\"panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":13,\"w\":12,\"h\":16,\"i\":\"55ac1386-6ccb-4926-813d-1dc397a60036\"},\"panelIndex\":\"55ac1386-6ccb-4926-813d-1dc397a60036\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\",\"type\":\"lens\",\"id\":\"ac2e7c60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\",\"type\":\"lens\",\"id\":\"ac2e7c60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\",\"type\":\"lens\",\"id\":\"ac2e7c60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\",\"type\":\"lens\",\"id\":\"ac2e7c60-6e41-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-f2b4871a-9aca-4016-848c-331b8c221cf7\"}],\"state\":{\"visualization\":{\"layerId\":\"f2b4871a-9aca-4016-848c-331b8c221cf7\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"a06965e8-9258-490d-9765-54afc2fb5073\"},{\"columnId\":\"e81257d5-bbe1-406d-b8b7-01db30a05390\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f2b4871a-9aca-4016-848c-331b8c221cf7\":{\"columns\":{\"a06965e8-9258-490d-9765-54afc2fb5073\":{\"label\":\"Top values of source.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.ip\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e81257d5-bbe1-406d-b8b7-01db30a05390\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e81257d5-bbe1-406d-b8b7-01db30a05390\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"a06965e8-9258-490d-9765-54afc2fb5073\",\"e81257d5-bbe1-406d-b8b7-01db30a05390\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network Source IP\",\"panelRefName\":\"panel_55ac1386-6ccb-4926-813d-1dc397a60036\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":13,\"w\":12,\"h\":16,\"i\":\"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\"},\"panelIndex\":\"0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"type\":\"lens\",\"id\":\"c7f8be60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"type\":\"lens\",\"id\":\"c7f8be60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"type\":\"lens\",\"id\":\"c7f8be60-6e41-11ec-864c-8b5450f97635\"},{\"name\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\",\"type\":\"lens\",\"id\":\"c7f8be60-6e41-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-d76872f3-61fb-4b26-8440-0ca886e33224\"}],\"state\":{\"visualization\":{\"layerId\":\"d76872f3-61fb-4b26-8440-0ca886e33224\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"822af2db-f82f-4f05-a4c3-8c6b7808d79a\"},{\"columnId\":\"6f747e8d-b264-42e8-ae88-2df81bf5bfa5\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d76872f3-61fb-4b26-8440-0ca886e33224\":{\"columns\":{\"822af2db-f82f-4f05-a4c3-8c6b7808d79a\":{\"label\":\"Top values of destination.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f747e8d-b264-42e8-ae88-2df81bf5bfa5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"6f747e8d-b264-42e8-ae88-2df81bf5bfa5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"822af2db-f82f-4f05-a4c3-8c6b7808d79a\",\"6f747e8d-b264-42e8-ae88-2df81bf5bfa5\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network Destination IP\",\"panelRefName\":\"panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":29,\"w\":48,\"h\":12,\"i\":\"93e059d5-fc50-4357-9dfa-939f48da5834\"},\"panelIndex\":\"93e059d5-fc50-4357-9dfa-939f48da5834\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_93e059d5-fc50-4357-9dfa-939f48da5834\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":41,\"w\":48,\"h\":21,\"i\":\"cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002\"},\"panelIndex\":\"cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":62,\"w\":28,\"h\":17,\"i\":\"1d174f74-9575-4827-8ae0-d5db7d53777b\"},\"panelIndex\":\"1d174f74-9575-4827-8ae0-d5db7d53777b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"name\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\",\"type\":\"lens\",\"id\":\"85048e40-6329-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-89c7faa8-15c2-4772-95a6-8049a683be1a\"}],\"state\":{\"visualization\":{\"layerId\":\"89c7faa8-15c2-4772-95a6-8049a683be1a\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"0cf6d6cf-9585-4e5f-8729-af8484507670\"},{\"isTransposed\":false,\"columnId\":\"e520b985-a9b8-4183-b29c-61373ed817c8\"},{\"isTransposed\":false,\"columnId\":\"fa5a503a-c448-4dc7-8b1e-5679822218ae\"},{\"isTransposed\":false,\"columnId\":\"9079d4df-8e60-4749-bc38-b3b52782f71d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"89c7faa8-15c2-4772-95a6-8049a683be1a\":{\"columns\":{\"0cf6d6cf-9585-4e5f-8729-af8484507670\":{\"label\":\"Top values of dns.question.type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"dns.question.type\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9079d4df-8e60-4749-bc38-b3b52782f71d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"e520b985-a9b8-4183-b29c-61373ed817c8\":{\"label\":\"Top values of dns.question.registered_domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"dns.question.registered_domain\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9079d4df-8e60-4749-bc38-b3b52782f71d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"fa5a503a-c448-4dc7-8b1e-5679822218ae\":{\"label\":\"Top values of dns.question.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"dns.question.name\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9079d4df-8e60-4749-bc38-b3b52782f71d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"9079d4df-8e60-4749-bc38-b3b52782f71d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"0cf6d6cf-9585-4e5f-8729-af8484507670\",\"e520b985-a9b8-4183-b29c-61373ed817c8\",\"fa5a503a-c448-4dc7-8b1e-5679822218ae\",\"9079d4df-8e60-4749-bc38-b3b52782f71d\"],\"incompleteColumns\":{}}}}}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Endgame - Network DNS Query\",\"panelRefName\":\"panel_1d174f74-9575-4827-8ae0-d5db7d53777b\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":62,\"w\":20,\"h\":17,\"i\":\"0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1\"},\"panelIndex\":\"0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Network DNS Requests Chart\",\"panelRefName\":\"panel_0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":79,\"w\":48,\"h\":17,\"i\":\"fb5ece46-c6e7-4d56-a48a-607783ad818f\"},\"panelIndex\":\"fb5ece46-c6e7-4d56-a48a-607783ad818f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fb5ece46-c6e7-4d56-a48a-607783ad818f\"}]", "timeRestore": false, "title": "Endgame - Network", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "49d34770-53b2-11ec-b3ef-6bcc33056a36", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "754f7380-6d82-11ec-864c-8b5450f97635", "name": "5485c8f5-90ea-409f-8522-f0a58716a12e:panel_5485c8f5-90ea-409f-8522-f0a58716a12e", "type": "visualization"}, {"id": "ec0fa520-6329-11ec-864c-8b5450f97635", "name": "2fcc00ab-4db8-4760-9bd0-111a3cd1c822:panel_2fcc00ab-4db8-4760-9bd0-111a3cd1c822", "type": "lens"}, {"id": "a82d8250-6324-11ec-864c-8b5450f97635", "name": "0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800", "type": "lens"}, {"id": "a82d8250-6324-11ec-864c-8b5450f97635", "name": "0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800", "type": "lens"}, {"id": "a82d8250-6324-11ec-864c-8b5450f97635", "name": "0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800", "type": "lens"}, {"id": "a82d8250-6324-11ec-864c-8b5450f97635", "name": "0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800", "type": "lens"}, {"id": "a82d8250-6324-11ec-864c-8b5450f97635", "name": "0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800", "type": "lens"}, {"id": "a82d8250-6324-11ec-864c-8b5450f97635", "name": "0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800", "type": "lens"}, {"id": "a82d8250-6324-11ec-864c-8b5450f97635", "name": "0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800", "type": "lens"}, {"id": "a82d8250-6324-11ec-864c-8b5450f97635", "name": "0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800", "type": "lens"}, {"id": "a82d8250-6324-11ec-864c-8b5450f97635", "name": "0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800", "type": "lens"}, {"id": "a82d8250-6324-11ec-864c-8b5450f97635", "name": "0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800", "type": "lens"}, {"id": "a82d8250-6324-11ec-864c-8b5450f97635", "name": "0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800", "type": "lens"}, {"id": "a82d8250-6324-11ec-864c-8b5450f97635", "name": "0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800", "type": "lens"}, {"id": "a82d8250-6324-11ec-864c-8b5450f97635", "name": "0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:panel_0beb83fa-d4cf-47f1-9e57-e3c32bdf2800", "type": "lens"}, {"id": "endgame-*", "name": "0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "0beb83fa-d4cf-47f1-9e57-e3c32bdf2800:indexpattern-datasource-layer-909005b3-b986-4bf6-9504-f4a9c877a966", "type": "index-pattern"}, {"id": "2f20b2c0-6323-11ec-864c-8b5450f97635", "name": "3db56ff3-17bb-4304-95ca-5b7b6254257a:panel_3db56ff3-17bb-4304-95ca-5b7b6254257a", "type": "lens"}, {"id": "22ffcc70-6322-11ec-864c-8b5450f97635", "name": "0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10", "type": "lens"}, {"id": "22ffcc70-6322-11ec-864c-8b5450f97635", "name": "0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10", "type": "lens"}, {"id": "22ffcc70-6322-11ec-864c-8b5450f97635", "name": "0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10", "type": "lens"}, {"id": "22ffcc70-6322-11ec-864c-8b5450f97635", "name": "0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10", "type": "lens"}, {"id": "22ffcc70-6322-11ec-864c-8b5450f97635", "name": "0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10", "type": "lens"}, {"id": "22ffcc70-6322-11ec-864c-8b5450f97635", "name": "0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10", "type": "lens"}, {"id": "22ffcc70-6322-11ec-864c-8b5450f97635", "name": "0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10", "type": "lens"}, {"id": "22ffcc70-6322-11ec-864c-8b5450f97635", "name": "0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10", "type": "lens"}, {"id": "22ffcc70-6322-11ec-864c-8b5450f97635", "name": "0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10", "type": "lens"}, {"id": "22ffcc70-6322-11ec-864c-8b5450f97635", "name": "0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10", "type": "lens"}, {"id": "22ffcc70-6322-11ec-864c-8b5450f97635", "name": "0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10", "type": "lens"}, {"id": "22ffcc70-6322-11ec-864c-8b5450f97635", "name": "0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10", "type": "lens"}, {"id": "22ffcc70-6322-11ec-864c-8b5450f97635", "name": "0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10", "type": "lens"}, {"id": "22ffcc70-6322-11ec-864c-8b5450f97635", "name": "0fd77215-f380-4e05-8e8d-7eff24e7eb10:panel_0fd77215-f380-4e05-8e8d-7eff24e7eb10", "type": "lens"}, {"id": "endgame-*", "name": "0fd77215-f380-4e05-8e8d-7eff24e7eb10:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "0fd77215-f380-4e05-8e8d-7eff24e7eb10:indexpattern-datasource-layer-7d4edcbb-fca9-47d9-93df-acba6aaf6f58", "type": "index-pattern"}, {"id": "ac2e7c60-6e41-11ec-864c-8b5450f97635", "name": "55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036", "type": "lens"}, {"id": "ac2e7c60-6e41-11ec-864c-8b5450f97635", "name": "55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036", "type": "lens"}, {"id": "ac2e7c60-6e41-11ec-864c-8b5450f97635", "name": "55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036", "type": "lens"}, {"id": "ac2e7c60-6e41-11ec-864c-8b5450f97635", "name": "55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036", "type": "lens"}, {"id": "ac2e7c60-6e41-11ec-864c-8b5450f97635", "name": "55ac1386-6ccb-4926-813d-1dc397a60036:panel_55ac1386-6ccb-4926-813d-1dc397a60036", "type": "lens"}, {"id": "endgame-*", "name": "55ac1386-6ccb-4926-813d-1dc397a60036:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "55ac1386-6ccb-4926-813d-1dc397a60036:indexpattern-datasource-layer-f2b4871a-9aca-4016-848c-331b8c221cf7", "type": "index-pattern"}, {"id": "c7f8be60-6e41-11ec-864c-8b5450f97635", "name": "0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6", "type": "lens"}, {"id": "c7f8be60-6e41-11ec-864c-8b5450f97635", "name": "0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6", "type": "lens"}, {"id": "c7f8be60-6e41-11ec-864c-8b5450f97635", "name": "0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6", "type": "lens"}, {"id": "c7f8be60-6e41-11ec-864c-8b5450f97635", "name": "0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6", "type": "lens"}, {"id": "c7f8be60-6e41-11ec-864c-8b5450f97635", "name": "0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:panel_0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6", "type": "lens"}, {"id": "endgame-*", "name": "0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "0f3fac52-b7b5-4cf5-bf8e-20e4283df6a6:indexpattern-datasource-layer-d76872f3-61fb-4b26-8440-0ca886e33224", "type": "index-pattern"}, {"id": "38c95ae0-6e4d-11ec-864c-8b5450f97635", "name": "93e059d5-fc50-4357-9dfa-939f48da5834:panel_93e059d5-fc50-4357-9dfa-939f48da5834", "type": "lens"}, {"id": "de389910-6f0a-11ec-864c-8b5450f97635", "name": "cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002:panel_cb25c6cd-4360-4a3f-8c5c-49a1b1a3d002", "type": "visualization"}, {"id": "85048e40-6329-11ec-864c-8b5450f97635", "name": "1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b", "type": "lens"}, {"id": "85048e40-6329-11ec-864c-8b5450f97635", "name": "1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b", "type": "lens"}, {"id": "85048e40-6329-11ec-864c-8b5450f97635", "name": "1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b", "type": "lens"}, {"id": "85048e40-6329-11ec-864c-8b5450f97635", "name": "1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b", "type": "lens"}, {"id": "85048e40-6329-11ec-864c-8b5450f97635", "name": "1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b", "type": "lens"}, {"id": "85048e40-6329-11ec-864c-8b5450f97635", "name": "1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b", "type": "lens"}, {"id": "85048e40-6329-11ec-864c-8b5450f97635", "name": "1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b", "type": "lens"}, {"id": "85048e40-6329-11ec-864c-8b5450f97635", "name": "1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b", "type": "lens"}, {"id": "85048e40-6329-11ec-864c-8b5450f97635", "name": "1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b", "type": "lens"}, {"id": "85048e40-6329-11ec-864c-8b5450f97635", "name": "1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b", "type": "lens"}, {"id": "85048e40-6329-11ec-864c-8b5450f97635", "name": "1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b", "type": "lens"}, {"id": "85048e40-6329-11ec-864c-8b5450f97635", "name": "1d174f74-9575-4827-8ae0-d5db7d53777b:panel_1d174f74-9575-4827-8ae0-d5db7d53777b", "type": "lens"}, {"id": "endgame-*", "name": "1d174f74-9575-4827-8ae0-d5db7d53777b:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "1d174f74-9575-4827-8ae0-d5db7d53777b:indexpattern-datasource-layer-89c7faa8-15c2-4772-95a6-8049a683be1a", "type": "index-pattern"}, {"id": "f30bef10-6328-11ec-864c-8b5450f97635", "name": "0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1:panel_0dc8b0a7-c750-4e4d-8fa3-fa9fb8814fa1", "type": "lens"}, {"id": "4e1aa7c0-6ed2-11ec-864c-8b5450f97635", "name": "fb5ece46-c6e7-4d56-a48a-607783ad818f:panel_fb5ece46-c6e7-4d56-a48a-607783ad818f", "type": "search"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1262], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDcwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "DNS - Protocol (Donut Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"DNS - Protocol (Donut Chart)\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"protocol.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "49e04860-4a4e-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d46522e0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1264], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDcxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Kerberos - Request Type (Horizontal Bar Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Kerberos - Request Type (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"request_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Type\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "4aa0b2a0-6e1a-11e7-89e4-613b96f597e1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "452daa10-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1266], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDcyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Network - Destination IPs", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Network - Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IPs\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "4adca340-6eae-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "387f44c0-6ea7-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1268], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDczLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND highest_registered_domain:google.com~ -highest_registered_domain:google.com AND highest_registered_domain:youtube.com~ -highest_registered_domain:youtube.com AND highest_registered_domain:facebook.com~ -highest_registered_domain:facebook.com AND highest_registered_domain:wikipedia.org~ -highest_registered_domain:wikipedia.org AND highest_registered_domain:google.co.in~ -highest_registered_domain:google.co.in AND highest_registered_domain:reddit.com~ -highest_registered_domain:reddit.com AND highest_registered_domain:amazon.com~ -highest_registered_domain:amazon.com AND highest_registered_domain:taobao.com~ -highest_registered_domain:taobao.com AND highest_registered_domain:twitter.com~ -highest_registered_domain:twitter.com AND highest_registered_domain:google.co.jp~ -highest_registered_domain:google.co.jp AND highest_registered_domain:instagram.com~ -highest_registered_domain:instagram.com AND highest_registered_domain:sina.com.cn~ -highest_registered_domain:sina.com.cn AND highest_registered_domain:google.co.uk~ -highest_registered_domain:google.co.uk AND highest_registered_domain:linkedin.com~ -highest_registered_domain:linkedin.com AND highest_registered_domain:list.tmall.com~ -highest_registered_domain:list.tmall.com AND highest_registered_domain:google.com.br~ -highest_registered_domain:google.com.br AND highest_registered_domain:google.com.hk~ -highest_registered_domain:google.com.hk AND highest_registered_domain:netflix.com~ -highest_registered_domain:netflix.com AND highest_registered_domain:yahoo.co.jp~ -highest_registered_domain:yahoo.co.jp AND highest_registered_domain:pornhub.com~ -highest_registered_domain:pornhub.com AND highest_registered_domain:xvideos.com~ -highest_registered_domain:xvideos.com AND highest_registered_domain:microsoft.com~ -highest_registered_domain:microsoft.com AND highest_registered_domain:livejasmin.com~ -highest_registered_domain:livejasmin.com AND highest_registered_domain:aliexpress.com~ -highest_registered_domain:aliexpress.com AND highest_registered_domain:stackoverflow.com~ -highest_registered_domain:stackoverflow.com AND highest_registered_domain:wordpress.com~ -highest_registered_domain:wordpress.com AND highest_registered_domain:hao123.com~ -highest_registered_domain:hao123.com AND highest_registered_domain:github.com~ -highest_registered_domain:github.com AND highest_registered_domain:amazon.co.jp~ -highest_registered_domain:amazon.co.jp AND highest_registered_domain:blogspot.com~ -highest_registered_domain:blogspot.com AND highest_registered_domain:pinterest.com~ -highest_registered_domain:pinterest.com AND highest_registered_domain:bongacams.com~ -highest_registered_domain:bongacams.com AND highest_registered_domain:google.com.tr~ -highest_registered_domain:google.com.tr AND highest_registered_domain:popads.net~ -highest_registered_domain:popads.net AND highest_registered_domain:paypal.com~ -highest_registered_domain:paypal.com AND highest_registered_domain:office.com~ -highest_registered_domain:office.com AND highest_registered_domain:google.com.tw~ -highest_registered_domain:google.com.tw AND highest_registered_domain:google.com.au~ -highest_registered_domain:google.com.au AND highest_registered_domain:whatsapp.com~ -highest_registered_domain:whatsapp.com AND highest_registered_domain:microsoftonline.com~ -highest_registered_domain:microsoftonline.com\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "DNS - Phishing Attempts Against Alexa Top Sites", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 0\":\"rgb(0,104,55)\",\"1 - 999999\":\"rgb(165,0,38)\"}}}", "version": 1, "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Phishing attempts against your domain(s)\"},\"schema\":\"metric\",\"type\":\"count\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"gauge\":{\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":0},{\"from\":1,\"to\":999999}],\"extendRange\":true,\"gaugeColorMode\":\"Labels\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Arc\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":true},\"style\":{\"bgColor\":false,\"bgFill\":\"#eee\",\"bgMask\":false,\"bgWidth\":0.9,\"fontSize\":60,\"labelColor\":true,\"mask\":false,\"maskBars\":50,\"subText\":\"Edit this to reflect your domain(s)\",\"width\":0.9},\"type\":\"meter\",\"alignment\":\"horizontal\"}},\"title\":\"DNS - Phishing Attempts Against Alexa Top Sites\",\"type\":\"gauge\"}"}, "coreMigrationVersion": "7.16.2", "id": "4d89e140-6f09-11e7-9d31-23c0596994a7", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1270], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDc0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Source - Top Connection Duration (Tile Map)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Connections - Source - Top Connection Duration (Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"duration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "5ea38360-46c7-11e7-946f-1bfb1be7c36b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1272], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDc1LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[14.604847155053898,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]", "timeRestore": false, "title": "Connections - Source - Top Connection Duration", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "4e108070-46c7-11e7-946f-1bfb1be7c36b", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "5ea38360-46c7-11e7-946f-1bfb1be7c36b", "name": "panel_1", "type": "visualization"}], "sort": [1643385898421, 1275], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDc2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "PE - Section Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"PE - Section Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"section_names.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "4e56b4d0-416f-11e7-9850-b78558d0ac17", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "66288140-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1277], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDc3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "DHCP - IP to MAC Assignment", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DHCP - IP to MAC Assignment\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"assigned_ip.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Assigned IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mac.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "4e877100-4a48-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "ac1799d0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1279], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDc4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SSL - Issuer", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SSL - Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.issuer.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.issuer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Issuer\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "4e8cbf80-75ec-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1281], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDc5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RFB - Server Version", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_major_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_minor_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "4fade7b0-6e22-11e7-b553-7f80727663c1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "8ba53710-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1283], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDgwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Firewall - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Firewall - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "e76d2eb0-6d6b-11e7-ad64-15aa071374a6", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "37c16940-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1285], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDgxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Firewall - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Firewall - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "c3a06740-6d75-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "37c16940-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1287], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDgyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Firewall - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Firewall - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "df06de60-6d75-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "37c16940-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1289], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDgzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Firewall - Destination Port", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Firewall - Destination Port\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "fcf75bc0-6d75-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "37c16940-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1291], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDg0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Firewall - Protocol", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Firewall - Protocol\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"ipv4_protocol.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "f8f0dbc0-6d82-11e7-912f-0950e6d5c322", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "37c16940-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1293], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDg1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Firewall - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Firewall - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHH3kBxQT5EBNmq459", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "37c16940-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1295], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDg2LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":60,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":36,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":36,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":16,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":16,\"x\":32,\"y\":8,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":12,\"x\":8,\"y\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":60,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"columns\":[\"action\",\"reason\",\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "z16.04 - Firewall", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "50173bd0-3582-11e7-98ef-19df58fe538b", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "e76d2eb0-6d6b-11e7-ad64-15aa071374a6", "name": "panel_1", "type": "visualization"}, {"id": "c3a06740-6d75-11e7-b09b-f57b22df6524", "name": "panel_2", "type": "visualization"}, {"id": "df06de60-6d75-11e7-b09b-f57b22df6524", "name": "panel_3", "type": "visualization"}, {"id": "2a1eb100-6d82-11e7-bcd4-0d514e0e7da1", "name": "panel_4", "type": "visualization"}, {"id": "fcf75bc0-6d75-11e7-b09b-f57b22df6524", "name": "panel_5", "type": "visualization"}, {"id": "f8f0dbc0-6d82-11e7-912f-0950e6d5c322", "name": "panel_6", "type": "visualization"}, {"id": "37c16940-6d6b-11e7-ad64-15aa071374a6", "name": "panel_7", "type": "search"}, {"id": "AWDHH3kBxQT5EBNmq459", "name": "panel_8", "type": "visualization"}], "sort": [1643385898421, 1305], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDg3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - File Size", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - File Size\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.size: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.size\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Size\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "50b4c880-72df-11ea-8dd2-9d8795a1200b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1307], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDg4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RDP - Client", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RDP - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "524e13b0-371c-11e7-90f8-87842d5eedc9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "823dd600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1309], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDg5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DNS - Answers", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.answers.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.answers.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Answer\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "536876a0-72ba-11ea-8dd2-9d8795a1200b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1311], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDkwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Tunnels - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Tunnels - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "53824da0-6e35-11e7-9a19-a5996f8250c6", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d26d5510-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1313], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDkxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SIP - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"SIP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "5393c710-3640-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9e131480-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1315], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDkyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SSL - Server", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "53ac63e0-365b-11e7-8bd0-1db2c55fb7a1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c8f21de0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1317], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDkzLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"0600494b-6f03-450b-8dab-981005aedf32": {"columnOrder": ["0f00561d-d6d7-46b2-af59-4ea225a9893a", "34e0e2cc-aab4-4581-9bc4-aba527024007"], "columns": {"0f00561d-d6d7-46b2-af59-4ea225a9893a": {"dataType": "date", "isBucketed": true, "label": "@timestamp", "operationType": "date_histogram", "params": {"interval": "auto"}, "scale": "interval", "sourceField": "@timestamp"}, "34e0e2cc-aab4-4581-9bc4-aba527024007": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "params": {"format": {"id": "number", "params": {"decimals": 0}}}, "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.kind : \"alert\" "}, "visualization": {"axisTitlesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "fittingFunction": "None", "gridlinesVisibilitySettings": {"x": false, "yLeft": true, "yRight": true}, "labelsOrientation": {"x": 0, "yLeft": 0, "yRight": 0}, "layers": [{"accessors": ["34e0e2cc-aab4-4581-9bc4-aba527024007"], "layerId": "0600494b-6f03-450b-8dab-981005aedf32", "layerType": "data", "position": "top", "seriesType": "bar", "showGridlines": false, "xAccessor": "0f00561d-d6d7-46b2-af59-4ea225a9893a"}], "legend": {"isVisible": true, "position": "right"}, "preferredSeriesType": "bar", "tickLabelsVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "valueLabels": "hide", "yLeftExtent": {"mode": "full"}, "yRightExtent": {"mode": "full"}}}, "title": "Endgame - Alert Log Count Over Time", "visualizationType": "lnsXY"}, "coreMigrationVersion": "7.16.2", "id": "53b9b490-6cc1-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-0600494b-6f03-450b-8dab-981005aedf32", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1321], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDk0LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "source_port", "destination_ip", "destination_port", "uid", "_id"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_smtp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "SMTP - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "a6cea530-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1323], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDk1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMTP - Webmail - True/False (Vertical Bar Chart)", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"SMTP - Webmail - True/False (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Webmail\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"is_webmail.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Webmail\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "53beb0d0-6e29-11e7-8b76-75eee0095daa", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "a6cea530-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1325], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDk2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SSH - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SSH - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "54d78f50-6e33-11e7-9a19-a5996f8250c6", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c33e7600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1327], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDk3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - NTLM - Success", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - NTLM - Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ntlm.success: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ntlm.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "e9f31a70-75c2-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1329], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDk4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - NTLM - Tree", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - NTLM - Tree\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ntlm.server.tree.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.tree.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Tree\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "8cb83890-75c2-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1331], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MDk5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - NTLM - Server", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - NTLM - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Netbios\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"DNS\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.nb.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NetBIOS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.dns.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"DNS\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "63f139c0-75c2-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1333], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTAwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:ntlm\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"4555a871-9c2c-48d4-b143-bffc6d41ea4d\"},\"panelIndex\":\"4555a871-9c2c-48d4-b143-bffc6d41ea4d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff\"},\"panelIndex\":\"0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"d32748d9-d47b-41bb-ab9f-b59817230998\"},\"panelIndex\":\"d32748d9-d47b-41bb-ab9f-b59817230998\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":18,\"i\":\"2f7a5ee8-2258-4c8d-af2d-99a9e11defa2\"},\"panelIndex\":\"2f7a5ee8-2258-4c8d-af2d-99a9e11defa2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":18,\"i\":\"4a50def3-c905-4493-b352-59741d68326e\"},\"panelIndex\":\"4a50def3-c905-4493-b352-59741d68326e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":9,\"w\":10,\"h\":18,\"i\":\"075d7365-e106-4a1e-b003-bab7abbb7146\"},\"panelIndex\":\"075d7365-e106-4a1e-b003-bab7abbb7146\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":26,\"y\":9,\"w\":9,\"h\":18,\"i\":\"5202d0b2-7f34-4182-8e25-ec87d4df0965\"},\"panelIndex\":\"5202d0b2-7f34-4182-8e25-ec87d4df0965\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":35,\"y\":9,\"w\":13,\"h\":18,\"i\":\"f93042fa-bdd7-495f-af7b-eec95073e015\"},\"panelIndex\":\"f93042fa-bdd7-495f-af7b-eec95073e015\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"c72c241d-5b6f-475c-831b-4419dd437a26\"},\"panelIndex\":\"c72c241d-5b6f-475c-831b-4419dd437a26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "Security Onion - NTLM", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "558292e0-75c1-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "e9f31a70-75c2-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "8cb83890-75c2-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "63f139c0-75c2-11ea-9565-7315f4ee5cac", "name": "panel_7", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_8", "type": "search"}], "sort": [1643385898421, 1343], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTAxLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:dns\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.11.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"ae3e83b1-5e53-40eb-8e4f-541e4851ddd2\"},\"panelIndex\":\"ae3e83b1-5e53-40eb-8e4f-541e4851ddd2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":14,\"y\":0,\"w\":14,\"h\":9,\"i\":\"4b8b4859-bd5c-446c-94e1-6d9b57cbe922\"},\"panelIndex\":\"4b8b4859-bd5c-446c-94e1-6d9b57cbe922\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":9,\"i\":\"ee03c5c1-9e26-42e3-b569-afa2712d7047\"},\"panelIndex\":\"ee03c5c1-9e26-42e3-b569-afa2712d7047\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":19,\"i\":\"706d8a5a-a263-48d0-8eb8-12eeade27115\"},\"panelIndex\":\"706d8a5a-a263-48d0-8eb8-12eeade27115\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":19,\"i\":\"bf29b086-8b8d-47a5-8280-afeb737d6163\"},\"panelIndex\":\"bf29b086-8b8d-47a5-8280-afeb737d6163\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":18,\"y\":9,\"w\":8,\"h\":19,\"i\":\"e99fb09c-6d8a-4a26-87ca-9ab82ef137c9\"},\"panelIndex\":\"e99fb09c-6d8a-4a26-87ca-9ab82ef137c9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":26,\"y\":9,\"w\":11,\"h\":19,\"i\":\"499d1548-292c-47a9-8f26-73a6af91d004\"},\"panelIndex\":\"499d1548-292c-47a9-8f26-73a6af91d004\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":0,\"y\":28,\"w\":23,\"h\":21,\"i\":\"e41240ec-8024-4f3f-9de0-869622470e4d\"},\"panelIndex\":\"e41240ec-8024-4f3f-9de0-869622470e4d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":23,\"y\":28,\"w\":25,\"h\":21,\"i\":\"fe297ab2-9a4b-438c-913b-7b5d1dea6182\"},\"panelIndex\":\"fe297ab2-9a4b-438c-913b-7b5d1dea6182\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":29,\"i\":\"ae756423-c1d9-46f8-a1ee-28ee9626349d\"},\"panelIndex\":\"ae756423-c1d9-46f8-a1ee-28ee9626349d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.11.2\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":19,\"i\":\"e79ec813-6af2-4618-ad48-a25444a8abe4\"},\"panelIndex\":\"e79ec813-6af2-4618-ad48-a25444a8abe4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]", "timeRestore": false, "title": "Security Onion - DNS", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "55ac6bf0-6ec4-11ea-9266-1fd14ca6af34", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "c879ad60-72a1-11ea-8dd2-9d8795a1200b", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_5", "type": "visualization"}, {"id": "13cda410-c770-11ea-bebb-37c5ab5894ea", "name": "panel_6", "type": "visualization"}, {"id": "07065340-72ba-11ea-8dd2-9d8795a1200b", "name": "panel_7", "type": "visualization"}, {"id": "536876a0-72ba-11ea-8dd2-9d8795a1200b", "name": "panel_8", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_9", "type": "search"}, {"id": "336dbde0-88aa-11eb-9841-852c8cc8a2e8", "name": "panel_10", "type": "visualization"}], "sort": [1643385898421, 1355], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTAyLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"e980cacd-054a-4c43-95aa-1b036dac04fd": {"columnOrder": ["81df4048-abc0-4b0f-a7ec-9cf28f8cb367", "528ff47c-2e2a-40e5-a5be-2983ecff6031", "c2e1a93b-7344-40a5-9926-fc15afd832f0", "5c038dd2-ec5b-4ef9-8e5c-7c2db912c05a", "ad97207d-9f1a-4d60-9db3-0719f5596b29"], "columns": {"528ff47c-2e2a-40e5-a5be-2983ecff6031": {"customLabel": true, "dataType": "ip", "isBucketed": true, "label": "IP", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "ad97207d-9f1a-4d60-9db3-0719f5596b29", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "host.ip"}, "5c038dd2-ec5b-4ef9-8e5c-7c2db912c05a": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "Version", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "ad97207d-9f1a-4d60-9db3-0719f5596b29", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "host.os.version"}, "81df4048-abc0-4b0f-a7ec-9cf28f8cb367": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "Hostname", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "ad97207d-9f1a-4d60-9db3-0719f5596b29", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "host.name"}, "ad97207d-9f1a-4d60-9db3-0719f5596b29": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Total Logs", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "c2e1a93b-7344-40a5-9926-fc15afd832f0": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "OS", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "ad97207d-9f1a-4d60-9db3-0719f5596b29", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "host.os.name"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "ad97207d-9f1a-4d60-9db3-0719f5596b29", "isTransposed": false}, {"columnId": "81df4048-abc0-4b0f-a7ec-9cf28f8cb367", "isTransposed": false}, {"columnId": "528ff47c-2e2a-40e5-a5be-2983ecff6031", "isTransposed": false}, {"columnId": "c2e1a93b-7344-40a5-9926-fc15afd832f0", "isTransposed": false}, {"columnId": "5c038dd2-ec5b-4ef9-8e5c-7c2db912c05a", "isTransposed": false}], "layerId": "e980cacd-054a-4c43-95aa-1b036dac04fd", "layerType": "data"}}, "title": "Endgame - Host Table", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "55edc2d0-68b4-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-e980cacd-054a-4c43-95aa-1b036dac04fd", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1359], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTAzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "IRC - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"IRC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "85b1f890-35b7-11e7-a994-c528746bc6e8", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "344c6010-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1361], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTA0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "IRC - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"IRC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "bf959cb0-35b7-11e7-a994-c528746bc6e8", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "344c6010-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1363], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTA1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "IRC - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"IRC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "e4615200-35b7-11e7-a994-c528746bc6e8", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "344c6010-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1365], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTA2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "IRC - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"IRC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG_HoKxQT5EBNmq4KN", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "344c6010-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1367], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTA3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "IRC - Destination Country", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"IRC - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.city_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination City\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "f625b7b0-4a56-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "344c6010-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1369], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTA4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "IRC - Command", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"IRC - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"irc_command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "7bc09930-4a57-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "344c6010-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1371], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTA5LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":8,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "z16.04 - Bro - IRC", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "56a34ce0-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "85b1f890-35b7-11e7-a994-c528746bc6e8", "name": "panel_1", "type": "visualization"}, {"id": "bf959cb0-35b7-11e7-a994-c528746bc6e8", "name": "panel_2", "type": "visualization"}, {"id": "e4615200-35b7-11e7-a994-c528746bc6e8", "name": "panel_3", "type": "visualization"}, {"id": "344c6010-342e-11e7-9e93-53b62e1857b2", "name": "panel_4", "type": "search"}, {"id": "3c073d20-6e17-11e7-8624-1fb07dd76c6a", "name": "panel_5", "type": "visualization"}, {"id": "AWDG_HoKxQT5EBNmq4KN", "name": "panel_6", "type": "visualization"}, {"id": "f625b7b0-4a56-11e8-9b0a-f1d33346f773", "name": "panel_7", "type": "visualization"}, {"id": "7bc09930-4a57-11e8-9b0a-f1d33346f773", "name": "panel_8", "type": "visualization"}], "sort": [1643385898421, 1381], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTEwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DNS - Client", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DNS - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "57a9a3f0-34c0-11e7-9b32-bb903919ead9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d46522e0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1383], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTExLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DHCP - Lease Time", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DHCP - Lease Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"lease_time.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Lease Time\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "58c84f60-0edb-11e9-9846-59f545e7293f", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "ac1799d0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1385], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTEyLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"46832f84-f86b-4914-a3ac-aaeda9f09cf7": {"columnOrder": ["77069155-4e9a-4727-b888-648fed60258e", "e7878efe-2181-449d-afd3-771296665829", "738c056c-c4eb-4855-a690-90fa5b9e23f8", "02c8c47e-9b96-4384-b467-1fd9cff2b78b", "d61f74aa-1899-4881-a2cc-d0dc7cbf28df", "6de07e81-5ee7-4885-af47-26b401667757", "895abdf3-8c99-4473-a904-b379d478aae1", "e30b3573-c58d-4b82-853d-70c1d090d641"], "columns": {"02c8c47e-9b96-4384-b467-1fd9cff2b78b": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "process.command_line", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "e30b3573-c58d-4b82-853d-70c1d090d641", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "process.command_line"}, "6de07e81-5ee7-4885-af47-26b401667757": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "file.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "e30b3573-c58d-4b82-853d-70c1d090d641", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "file.name"}, "738c056c-c4eb-4855-a690-90fa5b9e23f8": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "Category", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "e30b3573-c58d-4b82-853d-70c1d090d641", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "event.category"}, "77069155-4e9a-4727-b888-648fed60258e": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "event.id (click on + to go to Endgame)", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "e30b3573-c58d-4b82-853d-70c1d090d641", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 10}, "scale": "ordinal", "sourceField": "event.id"}, "895abdf3-8c99-4473-a904-b379d478aae1": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "host.domain", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "e30b3573-c58d-4b82-853d-70c1d090d641", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "host.domain"}, "d61f74aa-1899-4881-a2cc-d0dc7cbf28df": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "process.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "e30b3573-c58d-4b82-853d-70c1d090d641", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "process.name"}, "e30b3573-c58d-4b82-853d-70c1d090d641": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "e7878efe-2181-449d-afd3-771296665829": {"customLabel": true, "dataType": "number", "isBucketed": true, "label": "Severity", "operationType": "range", "params": {"maxBars": "auto", "ranges": [{"from": 0, "label": "", "to": 1000}], "type": "histogram"}, "scale": "interval", "sourceField": "event.severity"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.kind : \"alert\" "}, "visualization": {"columns": [{"columnId": "77069155-4e9a-4727-b888-648fed60258e", "isTransposed": false}, {"alignment": "center", "columnId": "e7878efe-2181-449d-afd3-771296665829", "isTransposed": false}, {"columnId": "738c056c-c4eb-4855-a690-90fa5b9e23f8", "isTransposed": false}, {"columnId": "02c8c47e-9b96-4384-b467-1fd9cff2b78b", "isTransposed": false}, {"columnId": "d61f74aa-1899-4881-a2cc-d0dc7cbf28df", "isTransposed": false}, {"columnId": "6de07e81-5ee7-4885-af47-26b401667757", "isTransposed": false}, {"columnId": "895abdf3-8c99-4473-a904-b379d478aae1", "isTransposed": false}, {"columnId": "e30b3573-c58d-4b82-853d-70c1d090d641", "hidden": true, "isTransposed": false}], "layerId": "46832f84-f86b-4914-a3ac-aaeda9f09cf7", "layerType": "data"}}, "title": "Endgame - Alerts with drilldown", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "5a203910-6cbe-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-46832f84-f86b-4914-a3ac-aaeda9f09cf7", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1389], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTEzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Devices - Log Count By Device", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Devices - Log Count By Device\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Device\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "5b3988c0-a840-11e7-893a-1b88920b2837", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1391], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTE0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - RDP - Client Build", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - RDP - Client Build\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.client_build.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.client_build.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Build\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "bdae8640-75c5-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1393], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTE1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - RDP - Security Protocol", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - RDP - Security Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.security_protocol.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.security_protocol.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "dad85840-75c5-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1395], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTE2LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:rdp\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"1aacbaf6-078a-4b6e-bbd2-ae21a4974aba\"},\"panelIndex\":\"1aacbaf6-078a-4b6e-bbd2-ae21a4974aba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"8abc0250-1076-45e8-b62b-54dc7dd0cfca\"},\"panelIndex\":\"8abc0250-1076-45e8-b62b-54dc7dd0cfca\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"dc48b27e-f00b-4723-87ab-64f726e51e74\"},\"panelIndex\":\"dc48b27e-f00b-4723-87ab-64f726e51e74\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"da3945b4-9e74-4bb9-8868-a13f1d9bc0d8\"},\"panelIndex\":\"da3945b4-9e74-4bb9-8868-a13f1d9bc0d8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"f4437b55-61ef-4818-a8c4-448407c7052b\"},\"panelIndex\":\"f4437b55-61ef-4818-a8c4-448407c7052b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":8,\"w\":7,\"h\":19,\"i\":\"33630c53-4de4-4064-a319-bd71be01dc06\"},\"panelIndex\":\"33630c53-4de4-4064-a319-bd71be01dc06\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":8,\"w\":7,\"h\":19,\"i\":\"ed8dee78-79d4-47cf-9ed5-6120f00f3aaf\"},\"panelIndex\":\"ed8dee78-79d4-47cf-9ed5-6120f00f3aaf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":8,\"w\":7,\"h\":19,\"i\":\"35083762-4591-44ac-a31f-36bed3414af2\"},\"panelIndex\":\"35083762-4591-44ac-a31f-36bed3414af2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":39,\"y\":8,\"w\":9,\"h\":19,\"i\":\"66e7cf00-ec90-4df3-acd3-02fb271f0959\"},\"panelIndex\":\"66e7cf00-ec90-4df3-acd3-02fb271f0959\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"f84fe347-bdda-4297-b460-eee297f7e91e\"},\"panelIndex\":\"f84fe347-bdda-4297-b460-eee297f7e91e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]", "timeRestore": false, "title": "Security Onion - RDP", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "5b743150-75c5-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "bdae8640-75c5-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "dad85840-75c5-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "0c006bb0-75c6-11ea-9565-7315f4ee5cac", "name": "panel_7", "type": "visualization"}, {"id": "2e7363f0-75c6-11ea-9565-7315f4ee5cac", "name": "panel_8", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_9", "type": "search"}], "sort": [1643385898421, 1406], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTE3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Nodes", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Nodes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "5cba9760-6e9b-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1408], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTE4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Endgame - All Logs", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Endgame - All Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":50}}}}"}, "coreMigrationVersion": "7.16.2", "id": "e2da1340-53a3-11ec-b3ef-6bcc33056a36", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1411], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTE5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Endgame - Categories with Full Event Type", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Endgame - Categories with Full Event Type\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"endgame.event_type_full\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Type\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event Category\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"row\":true}}"}, "coreMigrationVersion": "7.16.2", "id": "af1768b0-53ac-11ec-b3ef-6bcc33056a36", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1414], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTIwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"}, "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}", "panelsJSON": "[{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"fe254730-eee5-4aff-b672-a83e54b49c12\"},\"panelIndex\":\"fe254730-eee5-4aff-b672-a83e54b49c12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fe254730-eee5-4aff-b672-a83e54b49c12\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":25,\"h\":9,\"i\":\"5e96a8cf-1dab-4df2-a4be-baf960448da4\"},\"panelIndex\":\"5e96a8cf-1dab-4df2-a4be-baf960448da4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5e96a8cf-1dab-4df2-a4be-baf960448da4\"},{\"version\":\"7.16.0\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":0,\"w\":10,\"h\":9,\"i\":\"38c65a86-724b-4c25-818b-1564fbb3793f\"},\"panelIndex\":\"38c65a86-724b-4c25-818b-1564fbb3793f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Alert Count\",\"description\":\"\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"searchSource\":{\"index\":\"endgame-*\",\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"endgame-*\",\"key\":\"event.action\",\"negate\":false,\"params\":{\"query\":\"detection\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.action\":\"detection\"}}}]}}},\"enhancements\":{},\"type\":\"visualization\"}},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":13,\"h\":16,\"i\":\"680adbf3-9347-4c45-87b8-d87587e38b09\"},\"panelIndex\":\"680adbf3-9347-4c45-87b8-d87587e38b09\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_680adbf3-9347-4c45-87b8-d87587e38b09\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":9,\"w\":25,\"h\":16,\"i\":\"6569d104-bb49-4de6-8d2d-9dc49739b291\"},\"panelIndex\":\"6569d104-bb49-4de6-8d2d-9dc49739b291\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6569d104-bb49-4de6-8d2d-9dc49739b291\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":25,\"w\":48,\"h\":13,\"i\":\"4a354630-93fd-4370-b10f-80386aee6d00\"},\"panelIndex\":\"4a354630-93fd-4370-b10f-80386aee6d00\",\"embeddableConfig\":{\"columns\":[],\"enhancements\":{}},\"panelRefName\":\"panel_4a354630-93fd-4370-b10f-80386aee6d00\"}]", "timeRestore": false, "title": "Endgame - Host", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "5d8f04d0-53b6-11ec-b3ef-6bcc33056a36", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "e2da1340-53a3-11ec-b3ef-6bcc33056a36", "name": "fe254730-eee5-4aff-b672-a83e54b49c12:panel_fe254730-eee5-4aff-b672-a83e54b49c12", "type": "visualization"}, {"id": "2f7966b0-53a4-11ec-b3ef-6bcc33056a36", "name": "5e96a8cf-1dab-4df2-a4be-baf960448da4:panel_5e96a8cf-1dab-4df2-a4be-baf960448da4", "type": "visualization"}, {"id": "endgame-*", "name": "38c65a86-724b-4c25-818b-1564fbb3793f:kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "endgame-*", "name": "38c65a86-724b-4c25-818b-1564fbb3793f:kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern"}, {"id": "3b50b220-53ab-11ec-b3ef-6bcc33056a36", "name": "680adbf3-9347-4c45-87b8-d87587e38b09:panel_680adbf3-9347-4c45-87b8-d87587e38b09", "type": "visualization"}, {"id": "af1768b0-53ac-11ec-b3ef-6bcc33056a36", "name": "6569d104-bb49-4de6-8d2d-9dc49739b291:panel_6569d104-bb49-4de6-8d2d-9dc49739b291", "type": "visualization"}, {"id": "20c85b70-53aa-11ec-b3ef-6bcc33056a36", "name": "4a354630-93fd-4370-b10f-80386aee6d00:panel_4a354630-93fd-4370-b10f-80386aee6d00", "type": "search"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1423], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTIxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "MySQL - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"MySQL - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "5d9031a0-363f-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "5d624230-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1425], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTIyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - RFB - Client Version", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Major Version\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.client_major_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.client_minor_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Minor Version\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "5dcf09e0-75c8-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1427], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTIzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RADIUS - Connection Information", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RADIUS - Connection Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connect_info.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection Info\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "5df79fe0-3809-11e7-a1cc-ebc6a7e70e84", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "75545310-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1429], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTI0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Host - Process Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.executable.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process Image\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"process.command_line.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Host - Process Name\"}"}, "coreMigrationVersion": "7.16.2", "id": "5e18a970-c77f-11ea-bebb-37c5ab5894ea", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1431], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTI1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SIP - URI", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SIP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"uri.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "5e36c370-3753-11e7-b74a-f5057991ccd2", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9e131480-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1433], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTI2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - FTP - Argument", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp.argument.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "5fcdb0c0-755f-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1435], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTI3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMB - FIle Path", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SMB - FIle Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"path.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "60384e00-3aaf-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "19849f30-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1437], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTI4LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"97b747de-fee3-4557-84f6-3d6aecd1f5c7": {"columnOrder": ["dccdca2f-fac1-43ce-8c74-d50a8a007366"], "columns": {"dccdca2f-fac1-43ce-8c74-d50a8a007366": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Hosts", "operationType": "unique_count", "scale": "ratio", "sourceField": "host.ip"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": ""}, "visualization": {"accessor": "dccdca2f-fac1-43ce-8c74-d50a8a007366", "layerId": "97b747de-fee3-4557-84f6-3d6aecd1f5c7", "layerType": "data"}}, "title": "Endgame - Hosts Metric", "visualizationType": "lnsMetric"}, "coreMigrationVersion": "7.16.2", "id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-97b747de-fee3-4557-84f6-3d6aecd1f5c7", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1441], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTI5LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"fac6e4a9-2d36-463c-b2b0-b451546f6f20": {"columnOrder": ["2bea62c1-f8ef-43c3-b9c3-1931437bc5db"], "columns": {"2bea62c1-f8ef-43c3-b9c3-1931437bc5db": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Alerts", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.action", "negate": false, "params": {"query": "detection"}, "type": "phrase"}, "query": {"match_phrase": {"event.action": "detection"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"accessor": "2bea62c1-f8ef-43c3-b9c3-1931437bc5db", "layerId": "fac6e4a9-2d36-463c-b2b0-b451546f6f20", "layerType": "data"}}, "title": "Endgame - Alerts Metric", "visualizationType": "lnsMetric"}, "coreMigrationVersion": "7.16.2", "id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-fac6e4a9-2d36-463c-b2b0-b451546f6f20", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1446], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTMwLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"8acd9613-749e-4ecc-a97e-24fa0c586661": {"columnOrder": ["8449f044-6a5e-439c-96a6-8512972b0b47", "d31636dd-3123-499d-b049-f8f62bf4886c", "78001c1d-52c1-42ad-ae15-d7d53f63443d"], "columns": {"78001c1d-52c1-42ad-ae15-d7d53f63443d": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "8449f044-6a5e-439c-96a6-8512972b0b47": {"dataType": "date", "isBucketed": true, "label": "@timestamp", "operationType": "date_histogram", "params": {"interval": "auto"}, "scale": "interval", "sourceField": "@timestamp"}, "d31636dd-3123-499d-b049-f8f62bf4886c": {"dataType": "string", "isBucketed": true, "label": "Top values of host.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "78001c1d-52c1-42ad-ae15-d7d53f63443d", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "host.name"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": ""}, "visualization": {"axisTitlesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "fittingFunction": "None", "gridlinesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "labelsOrientation": {"x": 0, "yLeft": 0, "yRight": 0}, "layers": [{"accessors": ["78001c1d-52c1-42ad-ae15-d7d53f63443d"], "layerId": "8acd9613-749e-4ecc-a97e-24fa0c586661", "layerType": "data", "position": "top", "seriesType": "bar_stacked", "showGridlines": false, "splitAccessor": "d31636dd-3123-499d-b049-f8f62bf4886c", "xAccessor": "8449f044-6a5e-439c-96a6-8512972b0b47"}], "legend": {"isVisible": true, "position": "right"}, "preferredSeriesType": "bar_stacked", "tickLabelsVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "valueLabels": "hide", "yLeftExtent": {"mode": "full"}, "yRightExtent": {"mode": "full"}}}, "title": "Endgame - Logs Over Time", "visualizationType": "lnsXY"}, "coreMigrationVersion": "7.16.2", "id": "82185ff0-696d-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-8acd9613-749e-4ecc-a97e-24fa0c586661", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1450], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTMxLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"9643f560-7a46-408c-b61d-ed2a87fc6103": {"columnOrder": ["305b2f21-9981-40d5-a79b-f7a78eea89b4", "3520723b-f0f3-4845-975c-e97380d8124b"], "columns": {"305b2f21-9981-40d5-a79b-f7a78eea89b4": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "process.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "3520723b-f0f3-4845-975c-e97380d8124b", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 20}, "scale": "ordinal", "sourceField": "process.name"}, "3520723b-f0f3-4845-975c-e97380d8124b": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.category.keyword : \"process\" "}, "visualization": {"layers": [{"categoryDisplay": "default", "groups": ["305b2f21-9981-40d5-a79b-f7a78eea89b4"], "layerId": "9643f560-7a46-408c-b61d-ed2a87fc6103", "layerType": "data", "legendDisplay": "default", "metric": "3520723b-f0f3-4845-975c-e97380d8124b", "nestedLegend": false, "numberDisplay": "percent"}], "palette": {"name": "kibana_palette", "type": "palette"}, "shape": "treemap"}}, "title": "Endgame - Processes", "visualizationType": "lnsPie"}, "coreMigrationVersion": "7.16.2", "id": "e2cff350-6ccc-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-9643f560-7a46-408c-b61d-ed2a87fc6103", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1454], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTMyLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"3c3da49b-8bd7-4bda-a105-3ca8d03a92a1": {"columnOrder": ["5879e1c5-7dc8-47b4-9e77-fcc86dace366"], "columns": {"5879e1c5-7dc8-47b4-9e77-fcc86dace366": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.category.keyword : \"process\" "}, "visualization": {"accessor": "5879e1c5-7dc8-47b4-9e77-fcc86dace366", "layerId": "3c3da49b-8bd7-4bda-a105-3ca8d03a92a1", "layerType": "data"}}, "title": "Endgame - Process Logs", "visualizationType": "lnsMetric"}, "coreMigrationVersion": "7.16.2", "id": "ed1f0300-6cd1-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-3c3da49b-8bd7-4bda-a105-3ca8d03a92a1", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1458], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTMzLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"13fd0aca-d81f-48ad-8ec0-f46d3fc261b9": {"columnOrder": ["198cf7c0-6033-4379-bfca-2216fc2b6c1b", "17394250-c888-4ac8-aff4-4a735e5d1c54"], "columns": {"17394250-c888-4ac8-aff4-4a735e5d1c54": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "198cf7c0-6033-4379-bfca-2216fc2b6c1b": {"dataType": "date", "isBucketed": true, "label": "@timestamp", "operationType": "date_histogram", "params": {"interval": "auto"}, "scale": "interval", "sourceField": "@timestamp"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.category.keyword : \"process\" "}, "visualization": {"axisTitlesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "fittingFunction": "None", "gridlinesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "labelsOrientation": {"x": 0, "yLeft": 0, "yRight": 0}, "layers": [{"accessors": ["17394250-c888-4ac8-aff4-4a735e5d1c54"], "layerId": "13fd0aca-d81f-48ad-8ec0-f46d3fc261b9", "layerType": "data", "position": "top", "seriesType": "area", "showGridlines": false, "xAccessor": "198cf7c0-6033-4379-bfca-2216fc2b6c1b"}], "legend": {"isVisible": true, "position": "right"}, "preferredSeriesType": "area", "tickLabelsVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "valueLabels": "hide", "yLeftExtent": {"mode": "full"}, "yRightExtent": {"mode": "full"}}}, "title": "Endgame - Process Log Count Over Time", "visualizationType": "lnsXY"}, "coreMigrationVersion": "7.16.2", "id": "f1e98360-6cd1-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-13fd0aca-d81f-48ad-8ec0-f46d3fc261b9", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1462], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTM0LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"3b6026b4-9c36-4fbc-9f90-bd5580303bea": {"columnOrder": ["d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721", "ff0a89b4-427d-4739-bb83-86794a1f4289"], "columns": {"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "user.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "ff0a89b4-427d-4739-bb83-86794a1f4289", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 20}, "scale": "ordinal", "sourceField": "user.name"}, "ff0a89b4-427d-4739-bb83-86794a1f4289": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.category.keyword : \"process\" "}, "visualization": {"columns": [{"columnId": "d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721"}, {"columnId": "ff0a89b4-427d-4739-bb83-86794a1f4289"}], "layerId": "3b6026b4-9c36-4fbc-9f90-bd5580303bea", "layerType": "data"}}, "title": "Endgame - Process Users", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "e88fd030-6ccc-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-3b6026b4-9c36-4fbc-9f90-bd5580303bea", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1466], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTM1LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"b4bc52f0-5c52-4bea-97fb-eb59f08750c7": {"columnOrder": ["9c1ca31d-300f-4b75-868b-8a44e94694c6", "dda96a38-363d-4f03-8c65-3d8376f7050e"], "columns": {"9c1ca31d-300f-4b75-868b-8a44e94694c6": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "event.action", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "dda96a38-363d-4f03-8c65-3d8376f7050e", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 10}, "scale": "ordinal", "sourceField": "event.action"}, "dda96a38-363d-4f03-8c65-3d8376f7050e": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.category: \"process\" "}, "visualization": {"columns": [{"columnId": "9c1ca31d-300f-4b75-868b-8a44e94694c6"}, {"columnId": "dda96a38-363d-4f03-8c65-3d8376f7050e"}], "layerId": "b4bc52f0-5c52-4bea-97fb-eb59f08750c7", "layerType": "data"}}, "title": "Endgame - Process Actions", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "edca7780-6ccc-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-b4bc52f0-5c52-4bea-97fb-eb59f08750c7", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1470], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTM2LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"c2cf18da-c9a6-487f-9ddb-efd26330a73b": {"columnOrder": ["ba18fc18-b228-49c5-b67f-f16d03268eb5", "63fe9cc9-dd12-49c3-b6f6-51722074d378", "0194a818-8b41-44d5-9081-e0351a922200", "e17daf81-0320-4352-84b8-598d1b19f924"], "columns": {"0194a818-8b41-44d5-9081-e0351a922200": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "process.executable", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "e17daf81-0320-4352-84b8-598d1b19f924", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "process.executable"}, "63fe9cc9-dd12-49c3-b6f6-51722074d378": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "process.command_line", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "e17daf81-0320-4352-84b8-598d1b19f924", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "process.command_line"}, "ba18fc18-b228-49c5-b67f-f16d03268eb5": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "process.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "e17daf81-0320-4352-84b8-598d1b19f924", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "process.name"}, "e17daf81-0320-4352-84b8-598d1b19f924": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.category.keyword : \"process\" "}, "visualization": {"columns": [{"columnId": "ba18fc18-b228-49c5-b67f-f16d03268eb5", "isTransposed": false, "width": 243}, {"columnId": "63fe9cc9-dd12-49c3-b6f6-51722074d378", "isTransposed": false, "width": 599}, {"columnId": "0194a818-8b41-44d5-9081-e0351a922200", "isTransposed": false, "width": 771}, {"columnId": "e17daf81-0320-4352-84b8-598d1b19f924", "isTransposed": false, "width": 233}], "layerId": "c2cf18da-c9a6-487f-9ddb-efd26330a73b", "layerType": "data"}}, "title": "Endgame - Process Information", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "dbb93900-6ccc-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-c2cf18da-c9a6-487f-9ddb-efd26330a73b", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1474], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTM3LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"}, "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}", "panelsJSON": "[{\"version\":\"7.16.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":11,\"i\":\"26712c83-24f3-4af6-a20e-edab103002fd\"},\"panelIndex\":\"26712c83-24f3-4af6-a20e-edab103002fd\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame Alerts](https://ENDGAMEHOST/alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_26712c83-24f3-4af6-a20e-edab103002fd\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":0,\"w\":11,\"h\":11,\"i\":\"b7feb2b8-999d-433e-9b12-85aacdc61f16\"},\"panelIndex\":\"b7feb2b8-999d-433e-9b12-85aacdc61f16\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Process Logs\",\"panelRefName\":\"panel_b7feb2b8-999d-433e-9b12-85aacdc61f16\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":19,\"y\":0,\"w\":29,\"h\":11,\"i\":\"8b515da9-7c43-4e1a-872f-e92da896933f\"},\"panelIndex\":\"8b515da9-7c43-4e1a-872f-e92da896933f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Process Log Count Over Time\",\"panelRefName\":\"panel_8b515da9-7c43-4e1a-872f-e92da896933f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":11,\"w\":24,\"h\":15,\"i\":\"7837aa9f-dca6-4a7b-9881-65f26b2a5f4f\"},\"panelIndex\":\"7837aa9f-dca6-4a7b-9881-65f26b2a5f4f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Processes\",\"panelRefName\":\"panel_7837aa9f-dca6-4a7b-9881-65f26b2a5f4f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":11,\"w\":10,\"h\":15,\"i\":\"26df0dd7-8042-4e69-a4b1-c8ed5a677f6a\"},\"panelIndex\":\"26df0dd7-8042-4e69-a4b1-c8ed5a677f6a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Process Users\",\"panelRefName\":\"panel_26df0dd7-8042-4e69-a4b1-c8ed5a677f6a\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":11,\"w\":14,\"h\":15,\"i\":\"508bbc67-1a96-465d-b30d-23aecaaf4895\"},\"panelIndex\":\"508bbc67-1a96-465d-b30d-23aecaaf4895\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Process Actions\",\"panelRefName\":\"panel_508bbc67-1a96-465d-b30d-23aecaaf4895\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":14,\"i\":\"a89ab8ad-a272-405f-8db8-4f722bbfeb61\"},\"panelIndex\":\"a89ab8ad-a272-405f-8db8-4f722bbfeb61\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Process Information\",\"panelRefName\":\"panel_a89ab8ad-a272-405f-8db8-4f722bbfeb61\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":40,\"w\":48,\"h\":17,\"i\":\"9248209e-9f35-48c5-958c-3cab215eb410\"},\"panelIndex\":\"9248209e-9f35-48c5-958c-3cab215eb410\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9248209e-9f35-48c5-958c-3cab215eb410\"}]", "timeRestore": false, "title": "Endgame - Process", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "790991a0-6287-11ec-864c-8b5450f97635", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "754f7380-6d82-11ec-864c-8b5450f97635", "name": "26712c83-24f3-4af6-a20e-edab103002fd:panel_26712c83-24f3-4af6-a20e-edab103002fd", "type": "visualization"}, {"id": "ed1f0300-6cd1-11ec-864c-8b5450f97635", "name": "b7feb2b8-999d-433e-9b12-85aacdc61f16:panel_b7feb2b8-999d-433e-9b12-85aacdc61f16", "type": "lens"}, {"id": "f1e98360-6cd1-11ec-864c-8b5450f97635", "name": "8b515da9-7c43-4e1a-872f-e92da896933f:panel_8b515da9-7c43-4e1a-872f-e92da896933f", "type": "lens"}, {"id": "e2cff350-6ccc-11ec-864c-8b5450f97635", "name": "7837aa9f-dca6-4a7b-9881-65f26b2a5f4f:panel_7837aa9f-dca6-4a7b-9881-65f26b2a5f4f", "type": "lens"}, {"id": "e88fd030-6ccc-11ec-864c-8b5450f97635", "name": "26df0dd7-8042-4e69-a4b1-c8ed5a677f6a:panel_26df0dd7-8042-4e69-a4b1-c8ed5a677f6a", "type": "lens"}, {"id": "edca7780-6ccc-11ec-864c-8b5450f97635", "name": "508bbc67-1a96-465d-b30d-23aecaaf4895:panel_508bbc67-1a96-465d-b30d-23aecaaf4895", "type": "lens"}, {"id": "dbb93900-6ccc-11ec-864c-8b5450f97635", "name": "a89ab8ad-a272-405f-8db8-4f722bbfeb61:panel_a89ab8ad-a272-405f-8db8-4f722bbfeb61", "type": "lens"}, {"id": "424d7a60-6f0b-11ec-864c-8b5450f97635", "name": "9248209e-9f35-48c5-958c-3cab215eb410:panel_9248209e-9f35-48c5-958c-3cab215eb410", "type": "search"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1484], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTM4LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"521cff19-8a9b-4da3-9494-488b27d4dd82": {"columnOrder": ["8dfaf54f-d93c-4ec7-b0ba-eb0952346f84", "34b55020-af44-47dd-8789-141a3bded802", "1f3dc877-ccc1-43a6-8405-b2866867032c"], "columns": {"1f3dc877-ccc1-43a6-8405-b2866867032c": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "34b55020-af44-47dd-8789-141a3bded802": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "registry.key", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "1f3dc877-ccc1-43a6-8405-b2866867032c", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 20}, "scale": "ordinal", "sourceField": "registry.key"}, "8dfaf54f-d93c-4ec7-b0ba-eb0952346f84": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "host.hostname", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "1f3dc877-ccc1-43a6-8405-b2866867032c", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 20}, "scale": "ordinal", "sourceField": "host.name"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.category : \"registry\" "}, "visualization": {"columns": [{"columnId": "8dfaf54f-d93c-4ec7-b0ba-eb0952346f84", "isTransposed": false}, {"columnId": "34b55020-af44-47dd-8789-141a3bded802", "isTransposed": false}, {"columnId": "1f3dc877-ccc1-43a6-8405-b2866867032c", "isTransposed": false}], "layerId": "521cff19-8a9b-4da3-9494-488b27d4dd82", "layerType": "data"}}, "title": "Endgame - Registry Events", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "e1e12ab0-6cc5-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-521cff19-8a9b-4da3-9494-488b27d4dd82", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1488], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTM5LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"}, "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}", "panelsJSON": "[{\"version\":\"7.16.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":11,\"h\":9,\"i\":\"64356467-dfe4-4eed-b53d-0cdf0b94f6d0\"},\"panelIndex\":\"64356467-dfe4-4eed-b53d-0cdf0b94f6d0\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame Alerts](https://ENDGAMEHOST/alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_64356467-dfe4-4eed-b53d-0cdf0b94f6d0\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":0,\"w\":15,\"h\":9,\"i\":\"cc23bd7c-9000-4af9-875e-5779794011d0\"},\"panelIndex\":\"cc23bd7c-9000-4af9-875e-5779794011d0\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"panelRefName\":\"panel_cc23bd7c-9000-4af9-875e-5779794011d0\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":26,\"y\":0,\"w\":11,\"h\":9,\"i\":\"276394f1-fa5b-42b2-ab7c-8db18bd367a3\"},\"panelIndex\":\"276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\",\"type\":\"lens\",\"id\":\"df2ef610-6a1f-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-97b747de-fee3-4557-84f6-3d6aecd1f5c7\"}],\"state\":{\"visualization\":{\"layerId\":\"97b747de-fee3-4557-84f6-3d6aecd1f5c7\",\"accessor\":\"dccdca2f-fac1-43ce-8c74-d50a8a007366\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"97b747de-fee3-4557-84f6-3d6aecd1f5c7\":{\"columns\":{\"dccdca2f-fac1-43ce-8c74-d50a8a007366\":{\"label\":\"Hosts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.ip\",\"isBucketed\":false,\"customLabel\":true}},\"columnOrder\":[\"dccdca2f-fac1-43ce-8c74-d50a8a007366\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":37,\"y\":0,\"w\":11,\"h\":9,\"i\":\"2c8d6219-3e37-47c9-bfb2-9330167ad7b8\"},\"panelIndex\":\"2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"name\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\",\"type\":\"lens\",\"id\":\"d07fce50-6a1f-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-fac6e4a9-2d36-463c-b2b0-b451546f6f20\"},{\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\",\"id\":\"endgame-*\"}],\"state\":{\"visualization\":{\"layerId\":\"fac6e4a9-2d36-463c-b2b0-b451546f6f20\",\"accessor\":\"2bea62c1-f8ef-43c3-b9c3-1931437bc5db\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.action\",\"params\":{\"query\":\"detection\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.action\":\"detection\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"fac6e4a9-2d36-463c-b2b0-b451546f6f20\":{\"columns\":{\"2bea62c1-f8ef-43c3-b9c3-1931437bc5db\":{\"label\":\"Alerts\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\",\"customLabel\":true}},\"columnOrder\":[\"2bea62c1-f8ef-43c3-b9c3-1931437bc5db\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":9,\"w\":48,\"h\":13,\"i\":\"f702b2f2-5fc3-4a29-90a6-0d0d223fd358\"},\"panelIndex\":\"f702b2f2-5fc3-4a29-90a6-0d0d223fd358\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f702b2f2-5fc3-4a29-90a6-0d0d223fd358\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":22,\"w\":48,\"h\":14,\"i\":\"93800440-ed84-48b6-8055-c58a5d290ec6\"},\"panelIndex\":\"93800440-ed84-48b6-8055-c58a5d290ec6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"name\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\",\"type\":\"lens\",\"id\":\"03935e10-6a20-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-1828f449-a2e9-4ed2-a72c-e6f22382569e\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"e5498d4d-b9af-4016-8afc-e4639ceb6c10\",\"isTransposed\":false},{\"columnId\":\"b76f4623-7690-4ad3-ae68-d19b80a2361a\",\"isTransposed\":false}],\"layerId\":\"1828f449-a2e9-4ed2-a72c-e6f22382569e\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"1828f449-a2e9-4ed2-a72c-e6f22382569e\":{\"columns\":{\"e5498d4d-b9af-4016-8afc-e4639ceb6c10\":{\"label\":\"Top values of host.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":true},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false}},\"b76f4623-7690-4ad3-ae68-d19b80a2361a\":{\"label\":\"Last value of host.ip\",\"dataType\":\"ip\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"host.ip\",\"params\":{\"sortField\":\"@timestamp\"}}},\"columnOrder\":[\"e5498d4d-b9af-4016-8afc-e4639ceb6c10\",\"b76f4623-7690-4ad3-ae68-d19b80a2361a\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"type\":\"lens\"},\"panelRefName\":\"panel_93800440-ed84-48b6-8055-c58a5d290ec6\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":36,\"w\":48,\"h\":14,\"i\":\"f389ba6c-bcad-4564-aca0-e696e2981239\"},\"panelIndex\":\"f389ba6c-bcad-4564-aca0-e696e2981239\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f389ba6c-bcad-4564-aca0-e696e2981239\"},{\"version\":\"7.15.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":50,\"w\":48,\"h\":18,\"i\":\"1ae20b57-e5db-4e2b-b45b-51132e0892d2\"},\"panelIndex\":\"1ae20b57-e5db-4e2b-b45b-51132e0892d2\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":null},\"panelRefName\":\"panel_1ae20b57-e5db-4e2b-b45b-51132e0892d2\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":68,\"w\":23,\"h\":16,\"i\":\"64991e9b-5624-4d8d-9624-3077e970068f\"},\"panelIndex\":\"64991e9b-5624-4d8d-9624-3077e970068f\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"842ed2f7-3fb1-4c0d-a62c-dd9d06de42da\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Go to Dashboard\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true}}}]}},\"hidePanelTitles\":false},\"title\":\"Endgame - Network DNS Requests Chart\",\"panelRefName\":\"panel_64991e9b-5624-4d8d-9624-3077e970068f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":68,\"w\":25,\"h\":16,\"i\":\"d3b35751-4ec0-441c-a399-4c56a38ea9d3\"},\"panelIndex\":\"d3b35751-4ec0-441c-a399-4c56a38ea9d3\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"99f3c946-0494-42aa-a14f-cac5dce6757d\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View in Process Dashboard\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true}}}]}}},\"title\":\"Endgame - Processes\",\"panelRefName\":\"panel_d3b35751-4ec0-441c-a399-4c56a38ea9d3\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":84,\"w\":24,\"h\":15,\"i\":\"77406005-0714-4d8f-a535-79c693437dfe\"},\"panelIndex\":\"77406005-0714-4d8f-a535-79c693437dfe\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Auth Event Outcome\",\"panelRefName\":\"panel_77406005-0714-4d8f-a535-79c693437dfe\"},{\"version\":\"7.16.0\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":84,\"w\":24,\"h\":15,\"i\":\"79b433c6-e740-40be-8b5e-02155ee11955\"},\"panelIndex\":\"79b433c6-e740-40be-8b5e-02155ee11955\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"name\":\"panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2\",\"type\":\"lens\",\"id\":\"676296e0-6d6d-11ec-864c-8b5450f97635\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"endgame-*\",\"name\":\"indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b\"},{\"name\":\"filter-index-pattern-0\",\"type\":\"index-pattern\",\"id\":\"endgame-*\"}],\"state\":{\"visualization\":{\"layerId\":\"e5f77e35-1bc5-4487-9602-e2962cafa87b\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"ade5af28-bac8-4a2d-adff-28580282a9d2\"},{\"isTransposed\":false,\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},{\"columnId\":\"bb5f0057-5e74-4baf-9839-aff53de6d145\",\"isTransposed\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"file\"},\"indexRefName\":\"filter-index-pattern-0\"},\"query\":{\"match_phrase\":{\"event.category\":\"file\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"e5f77e35-1bc5-4487-9602-e2962cafa87b\":{\"columns\":{\"ade5af28-bac8-4a2d-adff-28580282a9d2\":{\"label\":\"Top values of file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}},\"e480935c-b388-48c6-9582-fb4600b462fb\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"bb5f0057-5e74-4baf-9839-aff53de6d145\":{\"label\":\"Top values of file.path\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.path\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e480935c-b388-48c6-9582-fb4600b462fb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true}}},\"columnOrder\":[\"ade5af28-bac8-4a2d-adff-28580282a9d2\",\"bb5f0057-5e74-4baf-9839-aff53de6d145\",\"e480935c-b388-48c6-9582-fb4600b462fb\"],\"incompleteColumns\":{}}}}}}},\"enhancements\":{},\"hidePanelTitles\":false,\"type\":\"lens\"},\"title\":\"Endgame - File Name\",\"panelRefName\":\"panel_79b433c6-e740-40be-8b5e-02155ee11955\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":99,\"w\":48,\"h\":15,\"i\":\"812191d7-0fc5-4dba-8cb6-600b9e3ee15c\"},\"panelIndex\":\"812191d7-0fc5-4dba-8cb6-600b9e3ee15c\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Registry Events\",\"panelRefName\":\"panel_812191d7-0fc5-4dba-8cb6-600b9e3ee15c\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":19,\"i\":\"b4898ca9-c99e-4ea2-a269-4e60616f2a4f\"},\"panelIndex\":\"b4898ca9-c99e-4ea2-a269-4e60616f2a4f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b4898ca9-c99e-4ea2-a269-4e60616f2a4f\"}]", "timeRestore": false, "title": "Endgame - Admin", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "6063a9e0-61b2-11ec-864c-8b5450f97635", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "754f7380-6d82-11ec-864c-8b5450f97635", "name": "64356467-dfe4-4eed-b53d-0cdf0b94f6d0:panel_64356467-dfe4-4eed-b53d-0cdf0b94f6d0", "type": "visualization"}, {"id": "e2da1340-53a3-11ec-b3ef-6bcc33056a36", "name": "cc23bd7c-9000-4af9-875e-5779794011d0:panel_cc23bd7c-9000-4af9-875e-5779794011d0", "type": "visualization"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "df2ef610-6a1f-11ec-864c-8b5450f97635", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:panel_276394f1-fa5b-42b2-ab7c-8db18bd367a3", "type": "lens"}, {"id": "endgame-*", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "276394f1-fa5b-42b2-ab7c-8db18bd367a3:indexpattern-datasource-layer-97b747de-fee3-4557-84f6-3d6aecd1f5c7", "type": "index-pattern"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "d07fce50-6a1f-11ec-864c-8b5450f97635", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:panel_2c8d6219-3e37-47c9-bfb2-9330167ad7b8", "type": "lens"}, {"id": "endgame-*", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:indexpattern-datasource-layer-fac6e4a9-2d36-463c-b2b0-b451546f6f20", "type": "index-pattern"}, {"id": "endgame-*", "name": "2c8d6219-3e37-47c9-bfb2-9330167ad7b8:filter-index-pattern-0", "type": "index-pattern"}, {"id": "82185ff0-696d-11ec-864c-8b5450f97635", "name": "f702b2f2-5fc3-4a29-90a6-0d0d223fd358:panel_f702b2f2-5fc3-4a29-90a6-0d0d223fd358", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "03935e10-6a20-11ec-864c-8b5450f97635", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:panel_93800440-ed84-48b6-8055-c58a5d290ec6", "type": "lens"}, {"id": "endgame-*", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "93800440-ed84-48b6-8055-c58a5d290ec6:indexpattern-datasource-layer-1828f449-a2e9-4ed2-a72c-e6f22382569e", "type": "index-pattern"}, {"id": "3ae34620-6258-11ec-864c-8b5450f97635", "name": "f389ba6c-bcad-4564-aca0-e696e2981239:panel_f389ba6c-bcad-4564-aca0-e696e2981239", "type": "visualization"}, {"id": "de389910-6f0a-11ec-864c-8b5450f97635", "name": "1ae20b57-e5db-4e2b-b45b-51132e0892d2:panel_1ae20b57-e5db-4e2b-b45b-51132e0892d2", "type": "visualization"}, {"id": "f30bef10-6328-11ec-864c-8b5450f97635", "name": "64991e9b-5624-4d8d-9624-3077e970068f:panel_64991e9b-5624-4d8d-9624-3077e970068f", "type": "lens"}, {"id": "49d34770-53b2-11ec-b3ef-6bcc33056a36", "name": "64991e9b-5624-4d8d-9624-3077e970068f:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:842ed2f7-3fb1-4c0d-a62c-dd9d06de42da:dashboardId", "type": "dashboard"}, {"id": "e2cff350-6ccc-11ec-864c-8b5450f97635", "name": "d3b35751-4ec0-441c-a399-4c56a38ea9d3:panel_d3b35751-4ec0-441c-a399-4c56a38ea9d3", "type": "lens"}, {"id": "790991a0-6287-11ec-864c-8b5450f97635", "name": "d3b35751-4ec0-441c-a399-4c56a38ea9d3:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:99f3c946-0494-42aa-a14f-cac5dce6757d:dashboardId", "type": "dashboard"}, {"id": "072ae530-6d6c-11ec-864c-8b5450f97635", "name": "77406005-0714-4d8f-a535-79c693437dfe:panel_77406005-0714-4d8f-a535-79c693437dfe", "type": "lens"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955", "type": "lens"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955", "type": "lens"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955", "type": "lens"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955", "type": "lens"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955", "type": "lens"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955", "type": "lens"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955", "type": "lens"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955", "type": "lens"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955", "type": "lens"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "79b433c6-e740-40be-8b5e-02155ee11955:panel_79b433c6-e740-40be-8b5e-02155ee11955", "type": "lens"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "79b433c6-e740-40be-8b5e-02155ee11955:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2", "type": "lens"}, {"id": "676296e0-6d6d-11ec-864c-8b5450f97635", "name": "79b433c6-e740-40be-8b5e-02155ee11955:panel_cd2e58e6-ecaf-46ff-89ae-3f6c104137b2", "type": "lens"}, {"id": "endgame-*", "name": "79b433c6-e740-40be-8b5e-02155ee11955:indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "79b433c6-e740-40be-8b5e-02155ee11955:indexpattern-datasource-layer-e5f77e35-1bc5-4487-9602-e2962cafa87b", "type": "index-pattern"}, {"id": "endgame-*", "name": "79b433c6-e740-40be-8b5e-02155ee11955:filter-index-pattern-0", "type": "index-pattern"}, {"id": "e1e12ab0-6cc5-11ec-864c-8b5450f97635", "name": "812191d7-0fc5-4dba-8cb6-600b9e3ee15c:panel_812191d7-0fc5-4dba-8cb6-600b9e3ee15c", "type": "lens"}, {"id": "20c85b70-53aa-11ec-b3ef-6bcc33056a36", "name": "b4898ca9-c99e-4ea2-a269-4e60616f2a4f:panel_b4898ca9-c99e-4ea2-a269-4e60616f2a4f", "type": "search"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1578], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTQwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Data Types", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Data Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Data Type\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "60925490-34bf-11e7-9b32-bb903919ead9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "aa05e920-3433-11e7-8867-29a39c0f86b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1580], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTQxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SSL - Log Count Over TIme", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"SSL - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "6139edd0-3641-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c8f21de0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1582], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTQyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Autoruns - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Autoruns - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "bf5ab2d0-6d6b-11e7-ad64-15aa071374a6", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "dd700830-6d69-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1584], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTQzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Autoruns - Hostname (Tag Cloud)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Autoruns - Hostname (Tag Cloud)\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":10,\"maxFontSize\":30,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "c5d58f60-6d78-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "dd700830-6d69-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1586], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTQ0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Autoruns - Hostname", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Autoruns - Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "df5e9e80-6d79-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "dd700830-6d69-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1588], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTQ1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Autoruns - Launch String", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Autoruns - Launch String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"launch_string.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Launch String\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "cfd94590-6d7a-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "dd700830-6d69-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1590], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTQ2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Autoruns - Company", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Autoruns - Company\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":14,\"maxFontSize\":36,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"company.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "96105ff0-6d7b-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "dd700830-6d69-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1592], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTQ3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Autoruns - Signer", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Autoruns - Signer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"signer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Signer\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "6cf187b0-6d7c-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "dd700830-6d69-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1594], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTQ4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Autoruns - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Autoruns - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHG1IaxQT5EBNmq4yR", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "dd700830-6d69-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1596], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTQ5LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":24,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":24,\"y\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":28,\"h\":24,\"x\":20,\"y\":48,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":0,\"y\":48,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":32,\"x\":0,\"y\":120,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"columns\":[\"entry\",\"entry_location\",\"image_path\",\"hostname\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]", "timeRestore": false, "title": "z16.04 - Autoruns", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "61d43810-6d62-11e7-8ddb-e71eb260f4a3", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "bf5ab2d0-6d6b-11e7-ad64-15aa071374a6", "name": "panel_1", "type": "visualization"}, {"id": "482be9b0-6d78-11e7-b09b-f57b22df6524", "name": "panel_2", "type": "visualization"}, {"id": "c5d58f60-6d78-11e7-b09b-f57b22df6524", "name": "panel_3", "type": "visualization"}, {"id": "1cd6a970-6d79-11e7-b09b-f57b22df6524", "name": "panel_4", "type": "visualization"}, {"id": "df5e9e80-6d79-11e7-b09b-f57b22df6524", "name": "panel_5", "type": "visualization"}, {"id": "2ef9ccd0-6d7a-11e7-b09b-f57b22df6524", "name": "panel_6", "type": "visualization"}, {"id": "cfd94590-6d7a-11e7-b09b-f57b22df6524", "name": "panel_7", "type": "visualization"}, {"id": "96105ff0-6d7b-11e7-b09b-f57b22df6524", "name": "panel_8", "type": "visualization"}, {"id": "6cf187b0-6d7c-11e7-b09b-f57b22df6524", "name": "panel_9", "type": "visualization"}, {"id": "dd700830-6d69-11e7-ad64-15aa071374a6", "name": "panel_10", "type": "search"}, {"id": "AWDHG1IaxQT5EBNmq4yR", "name": "panel_11", "type": "visualization"}], "sort": [1643385898421, 1609], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTUwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.category.keyword : \\\"registry\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Endgame - Event.Cat:Registry Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Endgame - Event.Cat:Registry Log Count Over Time\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":3}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"}, "coreMigrationVersion": "7.16.2", "id": "61f72150-6406-11ec-864c-8b5450f97635", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1612], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTUxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NIDS Alerts - Source Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NIDS Alerts - Source Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "620283e0-3af5-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1614], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTUyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Modbus - Function", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Modbus - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"modbus.function.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"modbus.function.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "62449800-75be-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1616], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTUzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - MySQL - Success", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - MySQL - Success\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "62969db0-75c0-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1618], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTU0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Connections - Top Destination IPs", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Connections - Top Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "62ac4060-6ea0-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9b333020-6e9f-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1620], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTU1LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"e316de92-6d8b-4ef1-8197-18b0b339413f": {"columnOrder": ["7e8c9bea-75f8-4666-be0e-a3c8e96f7739"], "columns": {"7e8c9bea-75f8-4666-be0e-a3c8e96f7739": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "authentication"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "authentication"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"accessor": "7e8c9bea-75f8-4666-be0e-a3c8e96f7739", "layerId": "e316de92-6d8b-4ef1-8197-18b0b339413f", "layerType": "data"}}, "title": "Endgame - Auth Count", "visualizationType": "lnsMetric"}, "coreMigrationVersion": "7.16.2", "id": "63569670-6d6b-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-e316de92-6d8b-4ef1-8197-18b0b339413f", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1625], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTU2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RFB - Desktop Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"desktop_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Desktop Name\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "63c072c0-371f-11e7-90f8-87842d5eedc9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "8ba53710-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1627], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTU3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NIDS - Drilldown - Rule Signature", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NIDS - Drilldown - Rule Signature\",\"type\":\"table\",\"params\":{\"perPage\":1,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"schema\":\"metric\",\"params\":{\"field\":\"rule_signature.keyword\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"NIDS Signature\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "6533dd40-e064-11e9-8f0c-2ddbf5ed9290", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1629], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTU4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Syslog - Facility", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Syslog - Facility\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"syslog.facility_label: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog.facility_label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Facility\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "e017cb80-777b-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1631], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTU5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Syslog - Severity", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog.severity_label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Syslog - Severity\"}"}, "coreMigrationVersion": "7.16.2", "id": "9e1a4240-c77a-11ea-bebb-37c5ab5894ea", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1633], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTYwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:syslog\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086\"},\"panelIndex\":\"9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"a3e3afae-dd54-4024-9d09-608a6baecd42\"},\"panelIndex\":\"a3e3afae-dd54-4024-9d09-608a6baecd42\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb\"},\"panelIndex\":\"e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":18,\"i\":\"e1ea8adf-acd8-4577-9c81-1acb711d20ce\"},\"panelIndex\":\"e1ea8adf-acd8-4577-9c81-1acb711d20ce\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":18,\"i\":\"16f2046a-4417-4e78-9699-65d253db78cb\"},\"panelIndex\":\"16f2046a-4417-4e78-9699-65d253db78cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":8,\"w\":11,\"h\":18,\"i\":\"226810af-b55b-4fba-99c8-0c28ca99aa37\"},\"panelIndex\":\"226810af-b55b-4fba-99c8-0c28ca99aa37\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":27,\"y\":8,\"w\":9,\"h\":18,\"i\":\"9cc5fffe-3834-4550-84e3-33d1246f68f6\"},\"panelIndex\":\"9cc5fffe-3834-4550-84e3-33d1246f68f6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":18,\"i\":\"cdad19b0-4f35-4143-8677-0a64a64dbca6\"},\"panelIndex\":\"cdad19b0-4f35-4143-8677-0a64a64dbca6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":29,\"i\":\"b06c2c59-18a2-4e4c-bfc8-b4d496a89d30\"},\"panelIndex\":\"b06c2c59-18a2-4e4c-bfc8-b4d496a89d30\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "Security Onion - Syslog", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "66499a20-75ed-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_5", "type": "visualization"}, {"id": "e017cb80-777b-11ea-bee5-af7f7c7b8e05", "name": "panel_6", "type": "visualization"}, {"id": "9e1a4240-c77a-11ea-bebb-37c5ab5894ea", "name": "panel_7", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_8", "type": "search"}], "sort": [1643385898421, 1643], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTYxLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"842f61f9-afc4-44dc-a6bd-e3cc66a8827b": {"columnOrder": ["2834ba67-2809-442b-b80b-4b17d3a67d43"], "columns": {"2834ba67-2809-442b-b80b-4b17d3a67d43": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": " ", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.kind : \"alert\" "}, "visualization": {"accessor": "2834ba67-2809-442b-b80b-4b17d3a67d43", "layerId": "842f61f9-afc4-44dc-a6bd-e3cc66a8827b", "layerType": "data"}}, "title": "Endgame - Alerts", "visualizationType": "lnsMetric"}, "coreMigrationVersion": "7.16.2", "id": "668e9130-6cc1-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-842f61f9-afc4-44dc-a6bd-e3cc66a8827b", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1647], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTYyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DNS - Query/Answer", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DNS - Query/Answer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"answers.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "e8e3b8a0-34c1-11e7-917c-af7a9d11771a", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d46522e0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1649], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTYzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NIDS - Alerts", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NIDS - Alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "c7eed4c0-3649-11e7-bf60-314364dd1cde", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1651], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTY0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DNS - Server", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DNS - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "6ef90c30-34c0-11e7-9b32-bb903919ead9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d46522e0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1653], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTY1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Sensors - Sensor and Services (Pie Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Sensors - Sensor and Services (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"sensor_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "9c979ea0-345b-11e7-8867-29a39c0f86b2", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "aa05e920-3433-11e7-8867-29a39c0f86b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1655], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTY2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Top 50 - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Top 50 - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "73806f30-4948-11e8-9576-313be7c6b44b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1657], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTY3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Top 50 - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Top 50 - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "c0de57b0-4948-11e8-9576-313be7c6b44b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1659], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTY4LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":24,\"x\":16,\"y\":120,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":144,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":144,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":180,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":180,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":120,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"columns\":[\"hostname\",\"alert_level\",\"description\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":204,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":12,\"x\":0,\"y\":168,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":144,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":96,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":96,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":0,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_16\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":72,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_17\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":72,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_18\"}]", "timeRestore": false, "title": "z16.04 - Indicator", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "68563ed0-34bf-11e7-9b32-bb903919ead9", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "60925490-34bf-11e7-9b32-bb903919ead9", "name": "panel_1", "type": "visualization"}, {"id": "e8e3b8a0-34c1-11e7-917c-af7a9d11771a", "name": "panel_2", "type": "visualization"}, {"id": "ae1f1fb0-3648-11e7-bf60-314364dd1cde", "name": "panel_3", "type": "visualization"}, {"id": "d0f56da0-3648-11e7-bf60-314364dd1cde", "name": "panel_4", "type": "visualization"}, {"id": "8ba31820-34c6-11e7-8360-0b86c90983fd", "name": "panel_5", "type": "visualization"}, {"id": "7153e7f0-34c7-11e7-8360-0b86c90983fd", "name": "panel_6", "type": "visualization"}, {"id": "c7eed4c0-3649-11e7-bf60-314364dd1cde", "name": "panel_7", "type": "visualization"}, {"id": "45a652b0-34c1-11e7-917c-af7a9d11771a", "name": "panel_8", "type": "visualization"}, {"id": "d9096bb0-342f-11e7-9e93-53b62e1857b2", "name": "panel_9", "type": "search"}, {"id": "aa05e920-3433-11e7-8867-29a39c0f86b2", "name": "panel_10", "type": "search"}, {"id": "934fe550-6e08-11e7-9370-174c4785d3e1", "name": "panel_11", "type": "visualization"}, {"id": "3f4abb40-6e0a-11e7-84cc-b363f104b3c7", "name": "panel_12", "type": "visualization"}, {"id": "53ac63e0-365b-11e7-8bd0-1db2c55fb7a1", "name": "panel_13", "type": "visualization"}, {"id": "6ef90c30-34c0-11e7-9b32-bb903919ead9", "name": "panel_14", "type": "visualization"}, {"id": "07fdf9e0-39ad-11e7-8472-0151e5b2b475", "name": "panel_15", "type": "visualization"}, {"id": "9c979ea0-345b-11e7-8867-29a39c0f86b2", "name": "panel_16", "type": "visualization"}, {"id": "73806f30-4948-11e8-9576-313be7c6b44b", "name": "panel_17", "type": "visualization"}, {"id": "c0de57b0-4948-11e8-9576-313be7c6b44b", "name": "panel_18", "type": "visualization"}], "sort": [1643385898421, 1679], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTY5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Network Data - Count", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Network Data - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"}, "coreMigrationVersion": "7.16.2", "id": "689991b0-6ea7-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "387f44c0-6ea7-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1681], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTcwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[25.16517336866393,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]", "timeRestore": false, "title": "Connections - Source - Originator Bytes", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "68f738e0-46ca-11e7-946f-1bfb1be7c36b", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "05809df0-46cb-11e7-946f-1bfb1be7c36b", "name": "panel_1", "type": "visualization"}], "sort": [1643385898421, 1684], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTcxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SNMP - Version", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - SNMP - Version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"snmp.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Version\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "690ef880-75e9-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1686], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTcyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Weird - Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Weird - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "691ade50-4c85-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "e32d0d50-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1688], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTczLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Kerberos - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Kerberos - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "c97cd4c0-35ba-11e7-b9ee-834112670159", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "452daa10-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1690], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTc0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Kerberos - Client", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Kerberos - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "710ccbf0-35bb-11e7-b9ee-834112670159", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "452daa10-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1692], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTc1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Kerberos - Success Status (Donut Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Kerberos - Success Status (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"kerberos_success.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "b31231c0-35bb-11e7-b9ee-834112670159", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "452daa10-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1694], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTc2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Kerberos - Server", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Kerberos - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "f0178840-35bb-11e7-b9ee-834112670159", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "452daa10-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1696], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTc3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Kerberos - Cipher (Donut Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Kerberos - Cipher (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"cipher.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "e3fffae0-3635-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "452daa10-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1698], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTc4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Kerberos - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Kerberos - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "84f28670-3636-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "452daa10-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1700], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTc5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Kerberos - Service", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Kerberos - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "f7c48a20-6e19-11e7-89e4-613b96f597e1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "452daa10-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1702], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTgwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Kerberos - Renewable", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Kerberos - Renewable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"renewable.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Renewable\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "bb748470-6e1a-11e7-b553-7f80727663c1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "452daa10-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1704], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTgxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Kerberos - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Kerberos - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG_UbkxQT5EBNmq4Lg", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "452daa10-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1706], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTgyLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":120,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"request_type\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":48,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":48,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":96,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":96,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":96,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":28,\"h\":24,\"x\":0,\"y\":72,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":72,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"}]", "timeRestore": false, "title": "z16.04 - Bro - Kerberos", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "6b0d4870-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "c97cd4c0-35ba-11e7-b9ee-834112670159", "name": "panel_1", "type": "visualization"}, {"id": "452daa10-342e-11e7-9e93-53b62e1857b2", "name": "panel_2", "type": "search"}, {"id": "710ccbf0-35bb-11e7-b9ee-834112670159", "name": "panel_3", "type": "visualization"}, {"id": "b31231c0-35bb-11e7-b9ee-834112670159", "name": "panel_4", "type": "visualization"}, {"id": "f0178840-35bb-11e7-b9ee-834112670159", "name": "panel_5", "type": "visualization"}, {"id": "e3fffae0-3635-11e7-a6f7-4f44d7bf1c33", "name": "panel_6", "type": "visualization"}, {"id": "28d04080-3636-11e7-a6f7-4f44d7bf1c33", "name": "panel_7", "type": "visualization"}, {"id": "3f34faa0-3636-11e7-a6f7-4f44d7bf1c33", "name": "panel_8", "type": "visualization"}, {"id": "84f28670-3636-11e7-a6f7-4f44d7bf1c33", "name": "panel_9", "type": "visualization"}, {"id": "f7c48a20-6e19-11e7-89e4-613b96f597e1", "name": "panel_10", "type": "visualization"}, {"id": "4aa0b2a0-6e1a-11e7-89e4-613b96f597e1", "name": "panel_11", "type": "visualization"}, {"id": "bb748470-6e1a-11e7-b553-7f80727663c1", "name": "panel_12", "type": "visualization"}, {"id": "AWDG_UbkxQT5EBNmq4Lg", "name": "panel_13", "type": "visualization"}], "sort": [1643385898421, 1721], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTgzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Intel - Indicator Type (Pie)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Intel - Indicator Type (Pie)\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.indicator_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator Type\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true}}"}, "coreMigrationVersion": "7.16.2", "id": "6b109430-0e60-11eb-a255-e1e8e85e3571", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1723], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTg0LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"f792f3cd-4a3c-4788-a3f8-33542035b98e": {"columnOrder": ["4aaf35d6-7ed3-4d81-9a7d-85bbc43459c1", "c7495830-1f48-4613-a2a1-e9213447910f", "3926249d-4707-4e24-a637-7a2b9d046856"], "columns": {"3926249d-4707-4e24-a637-7a2b9d046856": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "4aaf35d6-7ed3-4d81-9a7d-85bbc43459c1": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "host.user.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "3926249d-4707-4e24-a637-7a2b9d046856", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "host.user.name"}, "c7495830-1f48-4613-a2a1-e9213447910f": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "user.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "3926249d-4707-4e24-a637-7a2b9d046856", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "user.name"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "authentication"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "authentication"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "4aaf35d6-7ed3-4d81-9a7d-85bbc43459c1", "isTransposed": false}, {"columnId": "c7495830-1f48-4613-a2a1-e9213447910f", "isTransposed": false}, {"columnId": "3926249d-4707-4e24-a637-7a2b9d046856", "isTransposed": false}], "layerId": "f792f3cd-4a3c-4788-a3f8-33542035b98e", "layerType": "data"}}, "title": "Endgame - Auth Username", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "6b3841e0-6d6b-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-f792f3cd-4a3c-4788-a3f8-33542035b98e", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1728], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTg1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Sysmon - Destination Port", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"Sysmon - Destination Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "6b70b840-6d75-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "248c1d20-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1730], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTg2LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"4a1ec78a-56cc-4227-919e-857b47d902dd": {"columnOrder": ["fb18d67e-9996-499c-95e1-0e67c91567c8", "c8eeb0da-7ef2-40fa-b837-808e4e34c536", "56f86bee-5b6e-42b4-92f3-563f7782aa71"], "columns": {"56f86bee-5b6e-42b4-92f3-563f7782aa71": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "c8eeb0da-7ef2-40fa-b837-808e4e34c536": {"dataType": "date", "isBucketed": true, "label": "@timestamp", "operationType": "date_histogram", "params": {"interval": "auto"}, "scale": "interval", "sourceField": "@timestamp"}, "fb18d67e-9996-499c-95e1-0e67c91567c8": {"dataType": "string", "isBucketed": true, "label": "Top values of event.outcome", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "56f86bee-5b6e-42b4-92f3-563f7782aa71", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "event.outcome"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "authentication"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "authentication"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"axisTitlesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "fittingFunction": "None", "gridlinesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "labelsOrientation": {"x": 0, "yLeft": 0, "yRight": 0}, "layers": [{"accessors": ["56f86bee-5b6e-42b4-92f3-563f7782aa71"], "layerId": "4a1ec78a-56cc-4227-919e-857b47d902dd", "layerType": "data", "position": "top", "seriesType": "bar_stacked", "showGridlines": false, "splitAccessor": "fb18d67e-9996-499c-95e1-0e67c91567c8", "xAccessor": "c8eeb0da-7ef2-40fa-b837-808e4e34c536"}], "legend": {"isVisible": true, "position": "right"}, "preferredSeriesType": "bar_stacked", "tickLabelsVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "valueLabels": "hide", "yLeftExtent": {"mode": "full"}, "yRightExtent": {"mode": "full"}}}, "title": "Endgame - Auth Logs Over Time", "visualizationType": "lnsXY"}, "coreMigrationVersion": "7.16.2", "id": "6f648670-6d6b-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-4a1ec78a-56cc-4227-919e-857b47d902dd", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1735], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTg3LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"3f16332f-15b4-4f4f-8cd0-3904d1082ad9": {"columnOrder": ["ac84ac59-9300-4b99-b002-b9c3bcb375d0", "d449a510-00fe-4b24-bd3d-5c9d4e5fc67b"], "columns": {"ac84ac59-9300-4b99-b002-b9c3bcb375d0": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "host.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "d449a510-00fe-4b24-bd3d-5c9d4e5fc67b", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "host.name"}, "d449a510-00fe-4b24-bd3d-5c9d4e5fc67b": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count ", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "authentication"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "authentication"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "ac84ac59-9300-4b99-b002-b9c3bcb375d0"}, {"columnId": "d449a510-00fe-4b24-bd3d-5c9d4e5fc67b"}], "layerId": "3f16332f-15b4-4f4f-8cd0-3904d1082ad9", "layerType": "data"}}, "title": "Endgame - Auth Hostname", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "b6bd72c0-6d6b-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-3f16332f-15b4-4f4f-8cd0-3904d1082ad9", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1740], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTg4LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"67aa62dc-542c-4302-b7ca-3f58dcae48bc": {"columnOrder": ["c6c215da-4e22-4969-b00a-fb6a0a85eac3", "5f851d2a-ab05-4075-9aa3-8d73eb2d0d08"], "columns": {"5f851d2a-ab05-4075-9aa3-8d73eb2d0d08": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "c6c215da-4e22-4969-b00a-fb6a0a85eac3": {"dataType": "string", "isBucketed": true, "label": "Top values of event.action", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "5f851d2a-ab05-4075-9aa3-8d73eb2d0d08", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "event.action"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "authentication"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "authentication"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"layers": [{"categoryDisplay": "default", "groups": ["c6c215da-4e22-4969-b00a-fb6a0a85eac3"], "layerId": "67aa62dc-542c-4302-b7ca-3f58dcae48bc", "layerType": "data", "legendDisplay": "default", "metric": "5f851d2a-ab05-4075-9aa3-8d73eb2d0d08", "nestedLegend": false, "numberDisplay": "percent"}], "shape": "donut"}}, "title": "Endgame - Auth Event Action (Donut)", "visualizationType": "lnsPie"}, "coreMigrationVersion": "7.16.2", "id": "d3e6cf90-6d6b-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-67aa62dc-542c-4302-b7ca-3f58dcae48bc", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1745], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTg5LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"d00a9d6e-a40e-4051-9999-946bca8cc10a": {"columnOrder": ["2ff29508-b249-4b8b-8472-7b287d1a458d", "4fbce0f5-b26d-4996-a04a-8f28c03e85e1"], "columns": {"2ff29508-b249-4b8b-8472-7b287d1a458d": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "event.action", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "4fbce0f5-b26d-4996-a04a-8f28c03e85e1", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "event.action"}, "4fbce0f5-b26d-4996-a04a-8f28c03e85e1": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "authentication"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "authentication"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "2ff29508-b249-4b8b-8472-7b287d1a458d"}, {"columnId": "4fbce0f5-b26d-4996-a04a-8f28c03e85e1"}], "layerId": "d00a9d6e-a40e-4051-9999-946bca8cc10a", "layerType": "data"}}, "title": "Endgame - Auth Event Action", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "c9b17020-6d6b-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-d00a9d6e-a40e-4051-9999-946bca8cc10a", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1750], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTkwLDE1XQ=="} +{"attributes": {"columns": ["host.hostname", "user.name", "host.ip"], "description": "", "grid": {}, "hideChart": false, "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.category\",\"params\":{\"query\":\"authentication\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.category\":\"authentication\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Endgame - Authentication Search", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "7a1fc780-6f07-11ec-864c-8b5450f97635", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern"}], "sort": [1643385898421, 1753], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTkxLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"}, "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}", "panelsJSON": "[{\"version\":\"7.16.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":10,\"h\":10,\"i\":\"16f743b7-687e-43ce-86a5-3ad5c607c1fe\"},\"panelIndex\":\"16f743b7-687e-43ce-86a5-3ad5c607c1fe\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame Alerts](https://ENDGAMEHOST/alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_16f743b7-687e-43ce-86a5-3ad5c607c1fe\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":0,\"w\":14,\"h\":10,\"i\":\"b9a19eb1-8a99-4ba7-89e5-7176371c1365\"},\"panelIndex\":\"b9a19eb1-8a99-4ba7-89e5-7176371c1365\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Count\",\"panelRefName\":\"panel_b9a19eb1-8a99-4ba7-89e5-7176371c1365\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":10,\"i\":\"f16a41be-56eb-4852-b44c-7303c89b3332\"},\"panelIndex\":\"f16a41be-56eb-4852-b44c-7303c89b3332\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Username\",\"panelRefName\":\"panel_f16a41be-56eb-4852-b44c-7303c89b3332\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":10,\"w\":24,\"h\":15,\"i\":\"dc68201b-bd8a-4fe9-9009-68fe91013c9f\"},\"panelIndex\":\"dc68201b-bd8a-4fe9-9009-68fe91013c9f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Logs Over Time\",\"panelRefName\":\"panel_dc68201b-bd8a-4fe9-9009-68fe91013c9f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":10,\"w\":24,\"h\":10,\"i\":\"c394186d-2848-42bf-a521-7ba497a3b3b6\"},\"panelIndex\":\"c394186d-2848-42bf-a521-7ba497a3b3b6\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Hostname\",\"panelRefName\":\"panel_c394186d-2848-42bf-a521-7ba497a3b3b6\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":15,\"i\":\"c08e4616-5f26-4b6a-aa37-9c6a5e27d739\"},\"panelIndex\":\"c08e4616-5f26-4b6a-aa37-9c6a5e27d739\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[]}}},\"title\":\"Endgame - Auth Event Action (Donut)\",\"panelRefName\":\"panel_c08e4616-5f26-4b6a-aa37-9c6a5e27d739\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":10,\"i\":\"d7b3a140-a1a5-48d4-82a5-a84dc3a0285a\"},\"panelIndex\":\"d7b3a140-a1a5-48d4-82a5-a84dc3a0285a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Auth Event Action\",\"panelRefName\":\"panel_d7b3a140-a1a5-48d4-82a5-a84dc3a0285a\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":15,\"i\":\"aa35ad44-a937-4fa6-9444-7bcb1922a167\"},\"panelIndex\":\"aa35ad44-a937-4fa6-9444-7bcb1922a167\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Auth Event Outcome\",\"panelRefName\":\"panel_aa35ad44-a937-4fa6-9444-7bcb1922a167\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":50,\"w\":48,\"h\":18,\"i\":\"ffffbd7a-71f4-4977-bdf2-cad011e281c4\"},\"panelIndex\":\"ffffbd7a-71f4-4977-bdf2-cad011e281c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ffffbd7a-71f4-4977-bdf2-cad011e281c4\"}]", "timeRestore": false, "title": "Endgame - Authentication", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "6c5aaff0-63f6-11ec-864c-8b5450f97635", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "754f7380-6d82-11ec-864c-8b5450f97635", "name": "16f743b7-687e-43ce-86a5-3ad5c607c1fe:panel_16f743b7-687e-43ce-86a5-3ad5c607c1fe", "type": "visualization"}, {"id": "63569670-6d6b-11ec-864c-8b5450f97635", "name": "b9a19eb1-8a99-4ba7-89e5-7176371c1365:panel_b9a19eb1-8a99-4ba7-89e5-7176371c1365", "type": "lens"}, {"id": "6b3841e0-6d6b-11ec-864c-8b5450f97635", "name": "f16a41be-56eb-4852-b44c-7303c89b3332:panel_f16a41be-56eb-4852-b44c-7303c89b3332", "type": "lens"}, {"id": "6f648670-6d6b-11ec-864c-8b5450f97635", "name": "dc68201b-bd8a-4fe9-9009-68fe91013c9f:panel_dc68201b-bd8a-4fe9-9009-68fe91013c9f", "type": "lens"}, {"id": "b6bd72c0-6d6b-11ec-864c-8b5450f97635", "name": "c394186d-2848-42bf-a521-7ba497a3b3b6:panel_c394186d-2848-42bf-a521-7ba497a3b3b6", "type": "lens"}, {"id": "d3e6cf90-6d6b-11ec-864c-8b5450f97635", "name": "c08e4616-5f26-4b6a-aa37-9c6a5e27d739:panel_c08e4616-5f26-4b6a-aa37-9c6a5e27d739", "type": "lens"}, {"id": "c9b17020-6d6b-11ec-864c-8b5450f97635", "name": "d7b3a140-a1a5-48d4-82a5-a84dc3a0285a:panel_d7b3a140-a1a5-48d4-82a5-a84dc3a0285a", "type": "lens"}, {"id": "072ae530-6d6c-11ec-864c-8b5450f97635", "name": "aa35ad44-a937-4fa6-9444-7bcb1922a167:panel_aa35ad44-a937-4fa6-9444-7bcb1922a167", "type": "lens"}, {"id": "7a1fc780-6f07-11ec-864c-8b5450f97635", "name": "ffffbd7a-71f4-4977-bdf2-cad011e281c4:panel_ffffbd7a-71f4-4977-bdf2-cad011e281c4", "type": "search"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1764], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTkyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Bro - Syslog - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Bro - Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "6c60a280-76b5-11e7-94e1-3d2ec4e57ed9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "269ca380-76b4-11e7-8c3e-cfcdd8c95d87", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1766], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTkzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Sysmon - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Sysmon - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "8cfdeff0-6d6b-11e7-ad64-15aa071374a6", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "248c1d20-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1768], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTk0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Sysmon - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Sysmon - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "7bc74b40-6d71-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "248c1d20-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1770], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTk1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Sysmon - Event ID (Horizontal Bar Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Sysmon - Event ID (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event_id\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event Type\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "e09f6010-6d72-11e7-b09b-f57b22df6524", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "248c1d20-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1772], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTk2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Sysmon - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Sysmon - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHHk1sxQT5EBNmq43Y", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "248c1d20-6d6b-11e7-ad64-15aa071374a6", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1774], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTk3LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":8,\"y\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":28,\"x\":28,\"y\":20,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":24,\"x\":16,\"y\":72,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":120,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"columns\":[\"event_type\",\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]", "timeRestore": false, "title": "z16.04 - Sysmon - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "6d189680-6d62-11e7-8ddb-e71eb260f4a3", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "8cfdeff0-6d6b-11e7-ad64-15aa071374a6", "name": "panel_1", "type": "visualization"}, {"id": "0eb1fd80-6d70-11e7-b09b-f57b22df6524", "name": "panel_2", "type": "visualization"}, {"id": "3072c750-6d71-11e7-b09b-f57b22df6524", "name": "panel_3", "type": "visualization"}, {"id": "7bc74b40-6d71-11e7-b09b-f57b22df6524", "name": "panel_4", "type": "visualization"}, {"id": "13ed0810-6d72-11e7-b09b-f57b22df6524", "name": "panel_5", "type": "visualization"}, {"id": "3b6c92c0-6d72-11e7-b09b-f57b22df6524", "name": "panel_6", "type": "visualization"}, {"id": "e09f6010-6d72-11e7-b09b-f57b22df6524", "name": "panel_7", "type": "visualization"}, {"id": "29611940-6d75-11e7-b09b-f57b22df6524", "name": "panel_8", "type": "visualization"}, {"id": "6b70b840-6d75-11e7-b09b-f57b22df6524", "name": "panel_9", "type": "visualization"}, {"id": "248c1d20-6d6b-11e7-ad64-15aa071374a6", "name": "panel_10", "type": "search"}, {"id": "AWDHHk1sxQT5EBNmq43Y", "name": "panel_11", "type": "visualization"}], "sort": [1643385898421, 1787], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTk4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "SMB - Action (Pie Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"SMB - Action (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "6f883480-3aad-11e7-8b17-0d8709b02c80", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "19849f30-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1789], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MTk5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SSL - Subject", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SSL - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.subject.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "6fccb600-75ec-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1791], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjAwLDE1XQ=="} +{"attributes": {"buildNum": 39457, "defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29", "defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645", "discover:sampleSize": 100, "securitySolution:defaultIndex": ["apm-*-transaction*", "traces-apm*", "auditbeat-*", "endgame-*", "filebeat-*", "logs-*", "packetbeat-*", "winlogbeat-*", "*:so-*"], "theme:darkMode": true, "timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"}, "coreMigrationVersion": "7.16.2", "id": "7.16.2", "migrationVersion": {"config": "7.13.0"}, "references": [], "sort": [1643385898421, 1792], "type": "config", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjAxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Strelka - File - MIME Flavors", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Strelka - File - MIME Flavors\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.flavors.mime.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "70243970-772c-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1794], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjAyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Modbus - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Modbus - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG_9KpxQT5EBNmq4Oo", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "52dc9fe0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1796], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjAzLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]", "timeRestore": false, "title": "z16.04 - Bro - Modbus", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "70c005f0-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "0d168a30-363f-11e7-a6f7-4f44d7bf1c33", "name": "panel_1", "type": "visualization"}, {"id": "20eabd60-380b-11e7-a1cc-ebc6a7e70e84", "name": "panel_2", "type": "visualization"}, {"id": "3c65f500-380b-11e7-a1cc-ebc6a7e70e84", "name": "panel_3", "type": "visualization"}, {"id": "52dc9fe0-342e-11e7-9e93-53b62e1857b2", "name": "panel_4", "type": "search"}, {"id": "178209e0-6e1b-11e7-b553-7f80727663c1", "name": "panel_5", "type": "visualization"}, {"id": "AWDG_9KpxQT5EBNmq4Oo", "name": "panel_6", "type": "visualization"}, {"id": "453f8b90-4a58-11e8-9b0a-f1d33346f773", "name": "panel_7", "type": "visualization"}], "sort": [1643385898421, 1805], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjA0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "osquery - Chrome Extensions - Change Stats", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"osquery - ChromeExt - Change Stats\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":70}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"osquery.hostIdentifier.keyword\",\"customLabel\":\"Endpoints\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "71538370-18d5-11e9-932c-d12d2cf4ee95", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "0eee4360-18d4-11e9-932c-d12d2cf4ee95", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1807], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjA1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Connections - Total Bytes Per Source/Destination IP Pair", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"total_bytes\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_term\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source IP\",\"field\":\"source_ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"total_bytes\"},\"schema\":\"orderAgg\",\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination IP\",\"field\":\"destination_ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"total_bytes\"},\"schema\":\"orderAgg\",\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Connections - Total Bytes Per Source/Destination IP Pair\",\"type\":\"table\"}"}, "coreMigrationVersion": "7.16.2", "id": "726cc040-48cf-11e8-9576-313be7c6b44b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1809], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjA2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMB - File Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SMB - File Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Name\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "72f0f010-3aaf-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "19849f30-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1811], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjA3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Log Type Per Sensor/Device", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Log Type Per Sensor/Device\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor/Device\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Log Type\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "733ce440-494d-11e8-9576-313be7c6b44b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1813], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjA4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "X.509 - Certificate Signing Algorithm", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"X.509 - Certificate Signing Algorithm\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"certificate_signing_algorithm.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Algorithm\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "738127f0-37d7-11e7-9efb-91e89505091f", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f5038cc0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1815], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjA5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - FTP - Command", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - FTP - Command\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ftp.command.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "d3435690-755f-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1817], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjEwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - FTP - User", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"User\",\"field\":\"ftp.user.keyword\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/kibana\",\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\"}}},\"label\":\"ftp.user.keyword: Descending\",\"params\":{}}],\"metrics\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Security Onion - FTP - User\",\"type\":\"table\"}"}, "coreMigrationVersion": "7.16.2", "id": "8346bc70-7561-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1819], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjExLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - FTP - Password", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - FTP - Password\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ftp.password.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp.password.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Password\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "bc3e2bd0-7561-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1821], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjEyLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:ftp\",\"language\":\"kuery\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\"},\"panelIndex\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":15,\"h\":8,\"i\":\"1b99097d-a957-4163-9810-263a0e653c18\"},\"panelIndex\":\"1b99097d-a957-4163-9810-263a0e653c18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":8,\"i\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\"},\"panelIndex\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\"},\"panelIndex\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\"},\"panelIndex\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":8,\"w\":13,\"h\":19,\"i\":\"1bf79bc6-8595-41e0-8a7e-2b21bd2bd928\"},\"panelIndex\":\"1bf79bc6-8595-41e0-8a7e-2b21bd2bd928\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":31,\"y\":8,\"w\":17,\"h\":19,\"i\":\"e244437a-17a5-4e00-9176-f4e88ac54938\"},\"panelIndex\":\"e244437a-17a5-4e00-9176-f4e88ac54938\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":22,\"h\":16,\"i\":\"9196bb67-30ad-4a8e-b75f-22a9cced6f35\"},\"panelIndex\":\"9196bb67-30ad-4a8e-b75f-22a9cced6f35\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":27,\"w\":26,\"h\":16,\"i\":\"9da1ff1b-aebe-45fb-9e48-420eafb1b655\"},\"panelIndex\":\"9da1ff1b-aebe-45fb-9e48-420eafb1b655\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":43,\"w\":48,\"h\":28,\"i\":\"c57349cc-4699-4d52-b386-14e1d1260c87\"},\"panelIndex\":\"c57349cc-4699-4d52-b386-14e1d1260c87\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]", "timeRestore": false, "title": "Security Onion - FTP", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "739bfad0-755a-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "d3435690-755f-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "5fcdb0c0-755f-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "8346bc70-7561-11ea-9565-7315f4ee5cac", "name": "panel_7", "type": "visualization"}, {"id": "bc3e2bd0-7561-11ea-9565-7315f4ee5cac", "name": "panel_8", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_9", "type": "search"}], "sort": [1643385898421, 1832], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjEzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMTP - \"From\" Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SMTP - \\\"From\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mail_from.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"From\\\" Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "73b1b240-39a2-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "a6cea530-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1834], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjE0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SIP - User Agent", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SIP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "73f663f0-3753-11e7-b74a-f5057991ccd2", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9e131480-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1836], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjE1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND highest_registered_domain:securityonion.net~ -securityonion.net\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "DNS - Phishing Attempts Against Organizational Domain(s)", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 0\":\"rgb(0,104,55)\",\"1 - 999999\":\"rgb(165,0,38)\"}}}", "version": 1, "visState": "{\"title\":\"DNS - Phishing Attempts Against Organizational Domain(s)\",\"type\":\"gauge\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"gauge\":{\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":0},{\"from\":1,\"to\":999999}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"#333\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"#eee\",\"bgColor\":false,\"subText\":\"Edit this to reflect your domain(s)\",\"fontSize\":60,\"labelColor\":true},\"alignment\":\"horizontal\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Phishing attempts against your domain(s)\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "74861280-6f06-11e7-b253-211f64f37eda", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1838], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjE2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RDP - Cookie", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"cookie.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Cookie\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "75597b60-371c-11e7-90f8-87842d5eedc9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "823dd600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1840], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjE3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Tunnels - Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Tunnels - Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"tunnel.type.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tunnel.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "781447d0-75ef-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1842], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjE4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Intel - Indicator Type (Donut)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Intel - Indicator Type (Donut)\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.indicator_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator Type\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true}}"}, "coreMigrationVersion": "7.16.2", "id": "78185810-0e61-11eb-a255-e1e8e85e3571", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1844], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjE5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "osquery - Chrome Extensions - Sensitive Permissions", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"osquery - Chrome Extensions - Sensitive Permissions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.columns.name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Extension Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.columns.permissions.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Permissions\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "78cf8bf0-1a59-11e9-ac0b-cb0ba10141ab", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "040dda10-18d8-11e9-932c-d12d2cf4ee95", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1846], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjIwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "MySQL - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"MySQL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHBRrrxQT5EBNmq4TI", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "5d624230-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1848], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjIxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "MySQL - Response", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"MySQL - Response\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"response.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "9c411ad0-4a58-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "5d624230-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1850], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjIyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "MySQL - Success", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"MySQL - Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql_success.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "c48925a0-4a58-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "5d624230-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1852], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjIzLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"}]", "timeRestore": false, "title": "z16.04 - Bro - MySQL", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "7929f430-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "5d9031a0-363f-11e7-a6f7-4f44d7bf1c33", "name": "panel_0", "type": "visualization"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_1", "type": "visualization"}, {"id": "07e25650-3812-11e7-a1cc-ebc6a7e70e84", "name": "panel_2", "type": "visualization"}, {"id": "5d624230-342e-11e7-9e93-53b62e1857b2", "name": "panel_3", "type": "search"}, {"id": "AWDHBRrrxQT5EBNmq4TI", "name": "panel_4", "type": "visualization"}, {"id": "9c411ad0-4a58-11e8-9b0a-f1d33346f773", "name": "panel_5", "type": "visualization"}, {"id": "c48925a0-4a58-11e8-9b0a-f1d33346f773", "name": "panel_6", "type": "visualization"}], "sort": [1643385898421, 1860], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjI0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - FIle - Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - FIle - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Name\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "7a88adc0-75f0-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1862], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjI1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RFB - Client Version", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_major_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_minor_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "7c1e3f70-6e22-11e7-b553-7f80727663c1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "8ba53710-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1864], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjI2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMTP - Log Count Over TIme", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"SMTP - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "7c922990-3640-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "a6cea530-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1866], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjI3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"event_type:bro_http AND _exists_:virtual_host_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "HTTP - Virtual Host Frequency Analysis", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"HTTP - Virtual Host Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"virtual_host_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Virtual Host\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "7d1ede50-6f19-11e7-86c8-a1b6db3b051a", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1868], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjI4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SSH - Authentication Sucess", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - SSH - Authentication Sucess\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.authentication.success: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.authentication.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "7d61f430-75ea-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1870], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjI5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SNMP - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SNMP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "7dc62970-6e2a-11e7-8b76-75eee0095daa", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "b12150a0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1872], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjMwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "PE - Machine", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"PE - Machine\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"machine.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Machine\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "7de76e10-6e1f-11e7-b553-7f80727663c1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "66288140-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1874], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjMxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:highest_registered_domain_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "DNS - Highest Registered Domain Frequency Analysis", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DNS - Highest Registered Domain Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"highest_registered_domain_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "7f1f00a0-6f04-11e7-b253-211f64f37eda", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1876], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjMyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NIDS - Alerts Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"NIDS - Alerts Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "d58ec1a0-34e4-11e7-9669-7f1d3242b798", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1878], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjMzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NIDS Alerts - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NIDS Alerts - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "a6df8820-399f-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1880], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjM0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NIDS Alerts - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NIDS Alerts - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "db04aef0-399f-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1882], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjM1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NIDS Alerts - Severity (Pie Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"NIDS Alerts - Severity (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"priority.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Priority\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "ba60bcf0-3af5-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1884], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjM2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NIDS - Alerts By Country (Vertical Bar Chart)", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"NIDS - Alerts By Country (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "81de16f0-6e0f-11e7-8624-1fb07dd76c6a", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1886], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjM3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "NIDS - Alert Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"NIDS - Alert Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG3ym0xQT5EBNmq3mG", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1888], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjM4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "NIDS - Alert Summary", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NIDS - Alert Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "96c2cf10-4a3d-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1890], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjM5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "NIDS - Classification", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"NIDS - Classification\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"classification.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Classification\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "d66d54c0-4c89-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1892], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjQwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":68,\"x\":0,\"y\":120,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":96,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":96,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":72,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":12,\"x\":8,\"y\":32,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":44,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":72,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"}]", "timeRestore": false, "title": "z16.04 - NIDS", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "7f27a830-34e5-11e7-9669-7f1d3242b798", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "d58ec1a0-34e4-11e7-9669-7f1d3242b798", "name": "panel_0", "type": "visualization"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_1", "type": "visualization"}, {"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "panel_2", "type": "search"}, {"id": "a6df8820-399f-11e7-8472-0151e5b2b475", "name": "panel_3", "type": "visualization"}, {"id": "db04aef0-399f-11e7-8472-0151e5b2b475", "name": "panel_4", "type": "visualization"}, {"id": "620283e0-3af5-11e7-a83b-b1b4da7d15f4", "name": "panel_5", "type": "visualization"}, {"id": "ba60bcf0-3af5-11e7-a83b-b1b4da7d15f4", "name": "panel_6", "type": "visualization"}, {"id": "45464b50-3af6-11e7-a83b-b1b4da7d15f4", "name": "panel_7", "type": "visualization"}, {"id": "81de16f0-6e0f-11e7-8624-1fb07dd76c6a", "name": "panel_8", "type": "visualization"}, {"id": "AWDG3ym0xQT5EBNmq3mG", "name": "panel_9", "type": "visualization"}, {"id": "96c2cf10-4a3d-11e8-9b0a-f1d33346f773", "name": "panel_10", "type": "visualization"}, {"id": "3f040620-4a44-11e8-9b0a-f1d33346f773", "name": "panel_11", "type": "visualization"}, {"id": "d66d54c0-4c89-11e8-9b0a-f1d33346f773", "name": "panel_12", "type": "visualization"}], "sort": [1643385898421, 1906], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjQxLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"7da5ad1e-8383-4383-9a2c-dfa2fc91eea5": {"columnOrder": ["0592df0d-869f-422f-ba64-848d9e3b5e66", "a451bb62-c37e-4924-9c6a-fea87810af73", "0c7b1b6a-1659-4cf8-97b2-9f3e0a4e14e1"], "columns": {"0592df0d-869f-422f-ba64-848d9e3b5e66": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "Logs Over Time By Top 10 Hosts", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "0c7b1b6a-1659-4cf8-97b2-9f3e0a4e14e1", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 10}, "scale": "ordinal", "sourceField": "host.name"}, "0c7b1b6a-1659-4cf8-97b2-9f3e0a4e14e1": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "a451bb62-c37e-4924-9c6a-fea87810af73": {"dataType": "date", "isBucketed": true, "label": "@timestamp", "operationType": "date_histogram", "params": {"interval": "auto"}, "scale": "interval", "sourceField": "@timestamp"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": ""}, "visualization": {"layers": [{"accessors": ["0c7b1b6a-1659-4cf8-97b2-9f3e0a4e14e1"], "layerId": "7da5ad1e-8383-4383-9a2c-dfa2fc91eea5", "layerType": "data", "position": "top", "seriesType": "line", "showGridlines": false, "splitAccessor": "0592df0d-869f-422f-ba64-848d9e3b5e66", "xAccessor": "a451bb62-c37e-4924-9c6a-fea87810af73"}], "legend": {"isVisible": true, "position": "right"}, "preferredSeriesType": "line", "title": "Empty XY chart", "valueLabels": "hide", "yLeftExtent": {"mode": "full"}, "yRightExtent": {"mode": "full"}}}, "title": "Endgame - Logs Over Time By Top 10 Hosts", "visualizationType": "lnsXY"}, "coreMigrationVersion": "7.16.2", "id": "7f34e6e0-624d-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-7da5ad1e-8383-4383-9a2c-dfa2fc91eea5", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 1910], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjQyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Destination - Top Connection Duration (Tile Map)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Connections - Destination - Top Connection Duration (Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"duration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "7f7492d0-46c4-11e7-a82e-d97152153689", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1912], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjQzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Host - MAC", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Host - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.mac.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "eaa31ba0-7374-11ea-a3da-cbdb4f8a90c0", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1914], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjQ0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DHCP - Requested Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - DHCP - Requested Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.requested_address.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Requested Address\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "9a693c50-7374-11ea-a3da-cbdb4f8a90c0", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1916], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjQ1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DHCP - Assigned Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - DHCP - Assigned Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.assigned_ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Assigned Address\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "cc3aaf20-7374-11ea-a3da-cbdb4f8a90c0", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1918], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjQ2LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:dhcp\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"7e10f47b-2096-452d-9b40-be150226504f\"},\"panelIndex\":\"7e10f47b-2096-452d-9b40-be150226504f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":10,\"h\":9,\"i\":\"a795e5b9-2afd-43ef-91db-cd9c23a996f9\"},\"panelIndex\":\"a795e5b9-2afd-43ef-91db-cd9c23a996f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":9,\"i\":\"d0f65b83-17cd-4a8c-950d-06e5e88bf80b\"},\"panelIndex\":\"d0f65b83-17cd-4a8c-950d-06e5e88bf80b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":20,\"i\":\"c5565d1e-719c-4401-b886-1ad84638b855\"},\"panelIndex\":\"c5565d1e-719c-4401-b886-1ad84638b855\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":20,\"i\":\"ada9481a-335b-4091-ac4e-5f94c96e4cea\"},\"panelIndex\":\"ada9481a-335b-4091-ac4e-5f94c96e4cea\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":20,\"i\":\"bcba795f-8008-4f91-887d-35b5aff11022\"},\"panelIndex\":\"bcba795f-8008-4f91-887d-35b5aff11022\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":7,\"h\":20,\"i\":\"a9615bc2-7e50-4a88-be1c-53eb7096e093\"},\"panelIndex\":\"a9615bc2-7e50-4a88-be1c-53eb7096e093\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":31,\"y\":9,\"w\":17,\"h\":20,\"i\":\"87dce718-7595-4bb0-b1be-b2f51518f026\"},\"panelIndex\":\"87dce718-7595-4bb0-b1be-b2f51518f026\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":29,\"w\":48,\"h\":29,\"i\":\"4f1bdb3c-15b5-4d72-bc4f-96a266423272\"},\"panelIndex\":\"4f1bdb3c-15b5-4d72-bc4f-96a266423272\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "Security Onion - DHCP", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "80625c10-96dd-11ea-814e-bb515e873c2c", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "c879ad60-72a1-11ea-8dd2-9d8795a1200b", "name": "panel_2", "type": "visualization"}, {"id": "eaa31ba0-7374-11ea-a3da-cbdb4f8a90c0", "name": "panel_3", "type": "visualization"}, {"id": "9a693c50-7374-11ea-a3da-cbdb4f8a90c0", "name": "panel_4", "type": "visualization"}, {"id": "cc3aaf20-7374-11ea-a3da-cbdb4f8a90c0", "name": "panel_5", "type": "visualization"}, {"id": "2af5f980-96e2-11ea-814e-bb515e873c2c", "name": "panel_6", "type": "visualization"}, {"id": "36200e40-c76b-11ea-bebb-37c5ab5894ea", "name": "panel_7", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_8", "type": "search"}], "sort": [1643385898421, 1928], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjQ3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "PE - Subsystem (Pie Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"PE - Subsystem (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"subsystem.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "807da390-380c-11e7-a1cc-ebc6a7e70e84", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "66288140-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1930], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjQ4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - PE - Subsytem", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.subsystem.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subsystem\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - PE - Subsytem\"}"}, "coreMigrationVersion": "7.16.2", "id": "80a39cb0-c762-11ea-bebb-37c5ab5894ea", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1932], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjQ5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - MySQL - Success", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - MySQL - Success\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.success: Descending\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "80aa0c60-75c0-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1934], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjUwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Rule - SID", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Rule - SID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.uuid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Rule ID\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "a47ffc70-96f0-11ea-814e-bb515e873c2c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1936], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjUxLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:alert AND event.module:suricata\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":8,\"i\":\"afb23064-13dc-4b97-b1be-cf672a6cfb56\"},\"panelIndex\":\"afb23064-13dc-4b97-b1be-cf672a6cfb56\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":8,\"i\":\"67961875-85aa-443b-9cac-130c8783cd8d\"},\"panelIndex\":\"67961875-85aa-443b-9cac-130c8783cd8d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":8,\"i\":\"44bf55fb-18d8-4ae6-a15a-902042d3623c\"},\"panelIndex\":\"44bf55fb-18d8-4ae6-a15a-902042d3623c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":8,\"w\":19,\"h\":20,\"i\":\"cedf23aa-c331-496a-bf27-7c9c8f587d80\"},\"panelIndex\":\"cedf23aa-c331-496a-bf27-7c9c8f587d80\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":19,\"y\":8,\"w\":9,\"h\":20,\"i\":\"a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b\"},\"panelIndex\":\"a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":28,\"y\":8,\"w\":10,\"h\":20,\"i\":\"ab088b32-c40e-4a1c-9dcd-758c1ad97edc\"},\"panelIndex\":\"ab088b32-c40e-4a1c-9dcd-758c1ad97edc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":20,\"i\":\"2faea405-e4d3-488b-adfa-373b135d2122\"},\"panelIndex\":\"2faea405-e4d3-488b-adfa-373b135d2122\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":28,\"w\":19,\"h\":18,\"i\":\"728a4c22-9a7e-4152-a4d6-eed2d728abb8\"},\"panelIndex\":\"728a4c22-9a7e-4152-a4d6-eed2d728abb8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":19,\"y\":28,\"w\":19,\"h\":18,\"i\":\"32459b34-f7be-4ac0-a672-7a9697ce3bca\"},\"panelIndex\":\"32459b34-f7be-4ac0-a672-7a9697ce3bca\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":38,\"y\":28,\"w\":10,\"h\":18,\"i\":\"0681c2c1-531d-4f5e-a73f-8382789cbd14\"},\"panelIndex\":\"0681c2c1-531d-4f5e-a73f-8382789cbd14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":46,\"w\":48,\"h\":20,\"i\":\"b7ad7fb7-60d2-4a1c-b71a-c438626507af\"},\"panelIndex\":\"b7ad7fb7-60d2-4a1c-b71a-c438626507af\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]", "timeRestore": false, "title": "Security Onion - Alerts - Suricata", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "81057f40-7733-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "30df00e0-7733-11ea-bee5-af7f7c7b8e05", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "508fb520-72af-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_5", "type": "visualization"}, {"id": "f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_6", "type": "visualization"}, {"id": "a37b9fa0-72b0-11ea-8dd2-9d8795a1200b", "name": "panel_7", "type": "visualization"}, {"id": "f7e1d570-72ae-11ea-8dd2-9d8795a1200b", "name": "panel_8", "type": "visualization"}, {"id": "a47ffc70-96f0-11ea-814e-bb515e873c2c", "name": "panel_9", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_10", "type": "search"}], "sort": [1643385898421, 1948], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjUyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SIP - Response From", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SIP - Response From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.response.from.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.response.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Response From\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "81a1a740-75ca-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1950], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjUzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "8261cf00-366e-11e7-8c78-e3086faf385c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1952], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjU0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "SNMP - Community String", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"community.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Community String\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "83a91450-4c79-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "b12150a0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1954], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjU1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Network Data Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Network Data Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":true},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":true,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"intervalESValue\":30,\"intervalESUnit\":\"m\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-03-24T15:15:25.819Z\",\"max\":\"2020-03-25T15:15:25.819Z\"}},\"label\":\"@timestamp per 30 minutes\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"}, "coreMigrationVersion": "7.16.2", "id": "8491c4b0-6eab-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "387f44c0-6ea7-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1956], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjU2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DHCP - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"DHCP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "e9a7fe80-357b-11e7-ac34-8965f6420c51", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "ac1799d0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1958], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjU3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DHCP - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"DHCP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG80RwxQT5EBNmq38x", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "ac1799d0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1960], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjU4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DHCP - Message Types", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DHCP - Message Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message_types.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message Types\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "a88e1020-0edb-11e9-9846-59f545e7293f", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "ac1799d0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1962], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjU5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DHCP - Domain Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DHCP - Domain Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"domain_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain Name\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "ce859b40-0edb-11e9-9846-59f545e7293f", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "ac1799d0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1964], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjYwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":76,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":21,\"y\":52,\"w\":13,\"h\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":52,\"w\":13,\"h\":24,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":25,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":76,\"w\":48,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":34,\"y\":52,\"w\":14,\"h\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":33,\"w\":26,\"h\":19,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":34,\"y\":33,\"w\":14,\"h\":19,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]", "timeRestore": false, "title": "z16.04 - Bro - DHCP", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "85348270-357b-11e7-ac34-8965f6420c51", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "e9a7fe80-357b-11e7-ac34-8965f6420c51", "name": "panel_0", "type": "visualization"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_1", "type": "visualization"}, {"id": "1055ada0-3655-11e7-baa7-b7de4ee40605", "name": "panel_2", "type": "visualization"}, {"id": "317f8410-3655-11e7-baa7-b7de4ee40605", "name": "panel_3", "type": "visualization"}, {"id": "AWDG80RwxQT5EBNmq38x", "name": "panel_4", "type": "visualization"}, {"id": "4e877100-4a48-11e8-9b0a-f1d33346f773", "name": "panel_5", "type": "visualization"}, {"id": "ac1799d0-342d-11e7-9e93-53b62e1857b2", "name": "panel_6", "type": "search"}, {"id": "58c84f60-0edb-11e9-9846-59f545e7293f", "name": "panel_7", "type": "visualization"}, {"id": "a88e1020-0edb-11e9-9846-59f545e7293f", "name": "panel_8", "type": "visualization"}, {"id": "ce859b40-0edb-11e9-9846-59f545e7293f", "name": "panel_9", "type": "visualization"}], "sort": [1643385898421, 1975], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjYxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Intel - Indicator", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Intel - Indicator\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.indicator.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Indicator\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"row\":true,\"showToolbar\":true}}"}, "coreMigrationVersion": "7.16.2", "id": "db8c57c0-0e5c-11eb-a255-e1e8e85e3571", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1977], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjYyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:intel\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Intel - Source", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Intel - Source\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.sources.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"}, "coreMigrationVersion": "7.16.2", "id": "b4222d00-0e60-11eb-a255-e1e8e85e3571", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1979], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjYzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Intel - Seen Where", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Intel - Seen Where\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"intel.seen_where.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Seen Where\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"}, "coreMigrationVersion": "7.16.2", "id": "ec57d300-0e60-11eb-a255-e1e8e85e3571", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1981], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjY0LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:intel\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"a9613b03-8b84-4149-9dfa-5b059c1e0e70\"},\"panelIndex\":\"a9613b03-8b84-4149-9dfa-5b059c1e0e70\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":9,\"i\":\"77e957c4-13ac-480c-b799-0bd39559781b\"},\"panelIndex\":\"77e957c4-13ac-480c-b799-0bd39559781b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":9,\"i\":\"722a0294-a47b-4cd1-85c0-37f9933552c5\"},\"panelIndex\":\"722a0294-a47b-4cd1-85c0-37f9933552c5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":21,\"i\":\"a008c6c0-0e76-4dc6-802b-72d68ad0c10d\"},\"panelIndex\":\"a008c6c0-0e76-4dc6-802b-72d68ad0c10d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":10,\"y\":9,\"w\":10,\"h\":21,\"i\":\"0adce98b-c9e8-469b-8cac-fb4ceb35b68a\"},\"panelIndex\":\"0adce98b-c9e8-469b-8cac-fb4ceb35b68a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":20,\"y\":9,\"w\":13,\"h\":21,\"i\":\"2b95ef19-525e-4659-8ab3-67cb0e9dc41a\"},\"panelIndex\":\"2b95ef19-525e-4659-8ab3-67cb0e9dc41a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":21,\"i\":\"bde38fe7-9aec-4e19-b9fe-035ee6a66ef7\"},\"panelIndex\":\"bde38fe7-9aec-4e19-b9fe-035ee6a66ef7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":30,\"w\":24,\"h\":15,\"i\":\"2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0\"},\"panelIndex\":\"2fa3b43b-f3b3-4eeb-8f32-1a3f2ccfc6c0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":30,\"w\":24,\"h\":15,\"i\":\"79c4ec17-8411-49d8-82af-6921a321dd3b\"},\"panelIndex\":\"79c4ec17-8411-49d8-82af-6921a321dd3b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":34,\"i\":\"779d2461-4d8a-4254-b380-26650a52a026\"},\"panelIndex\":\"779d2461-4d8a-4254-b380-26650a52a026\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]", "timeRestore": false, "title": "Security Onion - Intel", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "85b529a0-0e5a-11eb-a255-e1e8e85e3571", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "db8c57c0-0e5c-11eb-a255-e1e8e85e3571", "name": "panel_5", "type": "visualization"}, {"id": "b4222d00-0e60-11eb-a255-e1e8e85e3571", "name": "panel_6", "type": "visualization"}, {"id": "6b109430-0e60-11eb-a255-e1e8e85e3571", "name": "panel_7", "type": "visualization"}, {"id": "ec57d300-0e60-11eb-a255-e1e8e85e3571", "name": "panel_8", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_9", "type": "search"}], "sort": [1643385898421, 1992], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjY1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMB - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"SMB - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "85e40a70-3aac-11e7-8b17-0d8709b02c80", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "19849f30-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1994], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjY2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RFB - Authentication Status (Donut Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"RFB - Authentication Status (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"auth.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Status\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "869e3030-371e-11e7-90f8-87842d5eedc9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "8ba53710-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 1996], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjY3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Modbus - Exception", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Modbus - Exception\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"modbus.exception.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"modbus.exception.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Exception\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "93cdb730-75be-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 1998], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjY4LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:modbus\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"dcdc1d0b-bec1-402d-a34b-39464e9a2749\"},\"panelIndex\":\"dcdc1d0b-bec1-402d-a34b-39464e9a2749\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"ccbb40c9-d2e4-4592-a91f-b1f6912a35f9\"},\"panelIndex\":\"ccbb40c9-d2e4-4592-a91f-b1f6912a35f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"32fd8cfa-64ad-41d7-b4f7-2c71f351916a\"},\"panelIndex\":\"32fd8cfa-64ad-41d7-b4f7-2c71f351916a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":19,\"i\":\"b15f438a-6f24-4099-90e6-d66f950029bc\"},\"panelIndex\":\"b15f438a-6f24-4099-90e6-d66f950029bc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":19,\"i\":\"089f29d5-cf23-4b6a-8b80-27911ffd6b1a\"},\"panelIndex\":\"089f29d5-cf23-4b6a-8b80-27911ffd6b1a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":8,\"w\":14,\"h\":19,\"i\":\"4154e8b1-e314-4623-aaf4-0404a108551a\"},\"panelIndex\":\"4154e8b1-e314-4623-aaf4-0404a108551a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":19,\"i\":\"8acbc44d-4fe2-42b0-a6e9-4a3bc4e4aeb6\"},\"panelIndex\":\"8acbc44d-4fe2-42b0-a6e9-4a3bc4e4aeb6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"c4d3c93a-746f-4edc-835c-66f1380fc5d4\"},\"panelIndex\":\"c4d3c93a-746f-4edc-835c-66f1380fc5d4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]", "timeRestore": false, "title": "Security Onion - Modbus", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "886a7b90-75bd-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "c879ad60-72a1-11ea-8dd2-9d8795a1200b", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "62449800-75be-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "93cdb730-75be-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_7", "type": "search"}], "sort": [1643385898421, 2007], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjY5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "PE - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"PE - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "9cffd160-363f-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "66288140-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2009], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjcwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "PE - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"PE - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHCUeZxQT5EBNmq4Xy", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "66288140-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2011], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjcxLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"columns\":[\"fuid\",\"machine\",\"is_exe\",\"is_64bit\",\"subsystem\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]", "timeRestore": false, "title": "z16.04 - Bro - PE", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "8a10e380-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "9cffd160-363f-11e7-a6f7-4f44d7bf1c33", "name": "panel_1", "type": "visualization"}, {"id": "45c4ae10-380c-11e7-a1cc-ebc6a7e70e84", "name": "panel_2", "type": "visualization"}, {"id": "807da390-380c-11e7-a1cc-ebc6a7e70e84", "name": "panel_3", "type": "visualization"}, {"id": "66288140-342e-11e7-9e93-53b62e1857b2", "name": "panel_4", "type": "search"}, {"id": "4e56b4d0-416f-11e7-9850-b78558d0ac17", "name": "panel_5", "type": "visualization"}, {"id": "7de76e10-6e1f-11e7-b553-7f80727663c1", "name": "panel_6", "type": "visualization"}, {"id": "AWDHCUeZxQT5EBNmq4Xy", "name": "panel_7", "type": "visualization"}], "sort": [1643385898421, 2020], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjcyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SSH - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SSH - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "8a60eb50-365f-11e7-8c78-e3086faf385c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c33e7600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2022], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjczLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SSH - HASSH", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SSH - HASSH\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.hassh.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "8afa5f50-75eb-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2024], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjc0LDE1XQ=="} +{"attributes": {"description": "based on the Endgame - Categories with Full Event Type viz, modded by rlp 20211220", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Endgame - Event Categories", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"asc\"}}}}", "version": 1, "visState": "{\"title\":\"Endgame - Event Categories\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"event.category\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"showTotal\":false,\"showToolbar\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"row\":true}}"}, "coreMigrationVersion": "7.16.2", "id": "8b3bb5c0-61af-11ec-864c-8b5450f97635", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 2027], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjc1LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"129a936c-78f7-4b8a-91a7-712c80565727": {"columnOrder": ["4335200b-f044-42ae-88fb-5a21866cebe0", "b9c21cd1-839b-4e12-b602-b834e52e378e", "4c86d61d-2f88-4bfc-b2be-474179593cba"], "columns": {"4335200b-f044-42ae-88fb-5a21866cebe0": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "type", "operationType": "terms", "params": {"missingBucket": true, "orderBy": {"columnId": "4c86d61d-2f88-4bfc-b2be-474179593cba", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 10}, "scale": "ordinal", "sourceField": "type"}, "4c86d61d-2f88-4bfc-b2be-474179593cba": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "b9c21cd1-839b-4e12-b602-b834e52e378e": {"customLabel": true, "dataType": "ip", "isBucketed": true, "label": "host.ip", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "4c86d61d-2f88-4bfc-b2be-474179593cba", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "host.ip"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "registry"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "registry"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "4335200b-f044-42ae-88fb-5a21866cebe0", "isTransposed": false}, {"columnId": "b9c21cd1-839b-4e12-b602-b834e52e378e", "isTransposed": false}, {"columnId": "4c86d61d-2f88-4bfc-b2be-474179593cba", "isTransposed": false}], "layerId": "129a936c-78f7-4b8a-91a7-712c80565727", "layerType": "data"}}, "title": "Endgame - Registry Type", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "8d1f99e0-6e45-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-129a936c-78f7-4b8a-91a7-712c80565727", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 2032], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjc2LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"3b6026b4-9c36-4fbc-9f90-bd5580303bea": {"columnOrder": ["d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721", "ff0a89b4-427d-4739-bb83-86794a1f4289"], "columns": {"d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "user.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "ff0a89b4-427d-4739-bb83-86794a1f4289", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 20}, "scale": "ordinal", "sourceField": "user.name"}, "ff0a89b4-427d-4739-bb83-86794a1f4289": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.kind : \"alert\" "}, "visualization": {"columns": [{"columnId": "d3b0fc48-6659-4b1a-b57d-a8b2ee3e8721"}, {"columnId": "ff0a89b4-427d-4739-bb83-86794a1f4289"}], "layerId": "3b6026b4-9c36-4fbc-9f90-bd5580303bea", "layerType": "data"}}, "title": "Endgame - Alerted Users", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "8da24210-6cbe-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-3b6026b4-9c36-4fbc-9f90-bd5580303bea", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 2036], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjc3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Weird - Notice Generated (Donut Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Weird - Notice Generated (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"notice.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "8dbbbed0-364e-11e7-9dc3-d35061cb642d", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "e32d0d50-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2038], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjc4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "RDP - Client Build", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"RDP - Client Build\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client_build.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client Build\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "8e18ee60-371c-11e7-90f8-87842d5eedc9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "823dd600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2040], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjc5LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"367cf35f-001a-4014-acc6-677bc504a945": {"columnOrder": ["6170616f-f2d9-47b9-8bdd-aeb746b4b2cb", "217236ba-3def-46da-8aa0-3c41d3484a50"], "columns": {"217236ba-3def-46da-8aa0-3c41d3484a50": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "6170616f-f2d9-47b9-8bdd-aeb746b4b2cb": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "event.type", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "217236ba-3def-46da-8aa0-3c41d3484a50", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "event.type"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "file"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "file"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "6170616f-f2d9-47b9-8bdd-aeb746b4b2cb"}, {"columnId": "217236ba-3def-46da-8aa0-3c41d3484a50"}], "layerId": "367cf35f-001a-4014-acc6-677bc504a945", "layerType": "data"}}, "title": "Endgame - File Event Type", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "8f2285f0-6d6d-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-367cf35f-001a-4014-acc6-677bc504a945", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 2045], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjgwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:certificate_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "SSL - Certificate Common Name Frequency Analysis", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SSL - Certificate Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"certificate_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "8fa702e0-6f0b-11e7-9d31-23c0596994a7", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2047], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjgxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Files - MIME Type", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Files - MIME Type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.mimetype.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"file.mimetype.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MIMEType\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "8fb3c480-75f2-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2049], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjgyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "All Sensors - Log Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"All Sensors - Log Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Log Type(s)\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "901bda80-a83f-11e7-893a-1b88920b2837", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "aa05e920-3433-11e7-8867-29a39c0f86b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2051], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjgzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RADIUS - Log Count Over TIme", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"RADIUS - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "ccb3e270-363f-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "75545310-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2053], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjg0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RADIUS - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RADIUS - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "b48442b0-3808-11e7-a1cc-ebc6a7e70e84", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "75545310-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2055], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjg1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RADIUS - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RADIUS - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "cea78b70-3808-11e7-a1cc-ebc6a7e70e84", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "75545310-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2057], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjg2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RADIUS - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RADIUS - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "b0456970-6e1f-11e7-b553-7f80727663c1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "75545310-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2059], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjg3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RADIUS - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"RADIUS - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHCgWzxQT5EBNmq4Y5", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "75545310-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2061], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjg4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "RADIUS - Username", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RADIUS - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "e827bab0-4a5a-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "75545310-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2063], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjg5LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":56,\"w\":24,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":56,\"w\":24,\"h\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":24,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":24,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]", "timeRestore": false, "title": "z16.04 - Bro - RADIUS", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "90b246c0-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "ccb3e270-363f-11e7-a6f7-4f44d7bf1c33", "name": "panel_1", "type": "visualization"}, {"id": "b48442b0-3808-11e7-a1cc-ebc6a7e70e84", "name": "panel_2", "type": "visualization"}, {"id": "cea78b70-3808-11e7-a1cc-ebc6a7e70e84", "name": "panel_3", "type": "visualization"}, {"id": "10cd7190-3809-11e7-a1cc-ebc6a7e70e84", "name": "panel_4", "type": "visualization"}, {"id": "5df79fe0-3809-11e7-a1cc-ebc6a7e70e84", "name": "panel_5", "type": "visualization"}, {"id": "75545310-342e-11e7-9e93-53b62e1857b2", "name": "panel_6", "type": "search"}, {"id": "b0456970-6e1f-11e7-b553-7f80727663c1", "name": "panel_7", "type": "visualization"}, {"id": "AWDHCgWzxQT5EBNmq4Y5", "name": "panel_8", "type": "visualization"}, {"id": "e827bab0-4a5a-11e8-9b0a-f1d33346f773", "name": "panel_9", "type": "visualization"}, {"id": "30348db0-4a5b-11e8-9b0a-f1d33346f773", "name": "panel_10", "type": "visualization"}], "sort": [1643385898421, 2075], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjkwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "SIP - Destination Country (Pie Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"SIP - Destination Country (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "90bf0a80-3750-11e7-b74a-f5057991ccd2", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9e131480-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2077], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjkxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\n \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"}, "title": "Security Onion - Rule - ID", "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", "version": 1, "visState": "{\"title\":\"Security Onion - Rule - ID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.uuid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ID\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "91bd9990-7737-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2079], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjkyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Bro - Syslog - Log Count Over Time", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"Bro - Syslog - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "92b202e0-76b4-11e7-94e1-3d2ec4e57ed9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "269ca380-76b4-11e7-8c3e-cfcdd8c95d87", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2081], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MjkzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Host - Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Host - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Agent Name\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "f03402e0-72bc-11ea-8dd2-9d8795a1200b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2083], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjk0LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.category:host\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"c743998d-d4c5-429f-87ce-67bac2649e72\"},\"panelIndex\":\"c743998d-d4c5-429f-87ce-67bac2649e72\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":15,\"h\":8,\"i\":\"8acc6336-35b7-4c1a-b0ef-3b3ec6870b1f\"},\"panelIndex\":\"8acc6336-35b7-4c1a-b0ef-3b3ec6870b1f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":8,\"i\":\"8485e0bf-8342-42ff-82b4-eb2611191060\"},\"panelIndex\":\"8485e0bf-8342-42ff-82b4-eb2611191060\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":18,\"i\":\"ba08df96-10b9-4b30-803f-f40387867ccc\"},\"panelIndex\":\"ba08df96-10b9-4b30-803f-f40387867ccc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":8,\"y\":8,\"w\":7,\"h\":18,\"i\":\"254bcae3-60d3-4193-b258-6f9f3eba0af3\"},\"panelIndex\":\"254bcae3-60d3-4193-b258-6f9f3eba0af3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":15,\"y\":8,\"w\":8,\"h\":18,\"i\":\"89d115c0-ee70-4250-9742-fb3c554e69a7\"},\"panelIndex\":\"89d115c0-ee70-4250-9742-fb3c554e69a7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":23,\"y\":8,\"w\":25,\"h\":18,\"i\":\"0c1675bb-01ef-4020-95f1-3f35e0c6fad8\"},\"panelIndex\":\"0c1675bb-01ef-4020-95f1-3f35e0c6fad8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":20,\"i\":\"38bc9e98-7934-4d1b-89fa-1b57765086c3\"},\"panelIndex\":\"38bc9e98-7934-4d1b-89fa-1b57765086c3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]", "timeRestore": false, "title": "Security Onion - Host", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "92e63cc0-6ec0-11ea-9266-1fd14ca6af34", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "df50eba0-6ec0-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "c879ad60-72a1-11ea-8dd2-9d8795a1200b", "name": "panel_2", "type": "visualization"}, {"id": "8b065a80-6eca-11ea-9266-1fd14ca6af34", "name": "panel_3", "type": "visualization"}, {"id": "ad398b70-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_4", "type": "visualization"}, {"id": "f03402e0-72bc-11ea-8dd2-9d8795a1200b", "name": "panel_5", "type": "visualization"}, {"id": "758187b0-72bd-11ea-8dd2-9d8795a1200b", "name": "panel_6", "type": "visualization"}, {"id": "a866be10-0e45-11eb-a255-e1e8e85e3571", "name": "panel_7", "type": "search"}], "sort": [1643385898421, 2092], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjk1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SIP - Content Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SIP - Content Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"content_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Content Type\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "930b1600-3753-11e7-b74a-f5057991ccd2", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9e131480-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2094], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjk2LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:ossec AND event.dataset:alert\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"c2172038-7740-458c-977a-98d139c438c2\"},\"panelIndex\":\"c2172038-7740-458c-977a-98d139c438c2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":8,\"y\":0,\"w\":18,\"h\":8,\"i\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\"},\"panelIndex\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":8,\"i\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\"},\"panelIndex\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":8,\"w\":12,\"h\":19,\"i\":\"1f88747a-06f5-4450-8d08-150d0cd37667\"},\"panelIndex\":\"1f88747a-06f5-4450-8d08-150d0cd37667\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":12,\"y\":8,\"w\":11,\"h\":19,\"i\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\"},\"panelIndex\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":23,\"y\":8,\"w\":7,\"h\":19,\"i\":\"a4bd8139-6fdd-476e-b6ff-8dd036e0f747\"},\"panelIndex\":\"a4bd8139-6fdd-476e-b6ff-8dd036e0f747\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":30,\"y\":8,\"w\":8,\"h\":19,\"i\":\"df2cccc2-5ac2-4522-9756-76a16ba2b0ce\"},\"panelIndex\":\"df2cccc2-5ac2-4522-9756-76a16ba2b0ce\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":19,\"i\":\"8b5674df-aad2-4af7-aa91-90a9d3e3980c\"},\"panelIndex\":\"8b5674df-aad2-4af7-aa91-90a9d3e3980c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":21,\"i\":\"365259e4-659e-4950-8e82-b8d8fc7fadca\"},\"panelIndex\":\"365259e4-659e-4950-8e82-b8d8fc7fadca\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "Security Onion - Wazuh", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "9480f190-7732-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "30df00e0-7733-11ea-bee5-af7f7c7b8e05", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "508fb520-72af-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "f7e1d570-72ae-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "91bd9990-7737-11ea-bee5-af7f7c7b8e05", "name": "panel_5", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_6", "type": "visualization"}, {"id": "407784f0-7738-11ea-bee5-af7f7c7b8e05", "name": "panel_7", "type": "visualization"}, {"id": "a866be10-0e45-11eb-a255-e1e8e85e3571", "name": "panel_8", "type": "search"}], "sort": [1643385898421, 2104], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjk3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Total Number of Logs", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Total Number of Logs\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total Number of Logs\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDGyaGxxQT5EBNmq3K9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2106], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjk4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Sensors - Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Sensors - Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"sensor_name.keyword\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDGzmzcxQT5EBNmq3Sj", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2108], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mjk5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Devices - Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Devices - Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"syslog-host_from.keyword\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG0UDvxQT5EBNmq3WD", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2110], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzAwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":64,\"x\":0,\"y\":132,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":28,\"h\":8,\"x\":20,\"y\":0,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":16,\"x\":0,\"y\":56,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":32,\"x\":32,\"y\":24,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":8,\"x\":8,\"y\":0,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":16,\"x\":32,\"y\":8,\"i\":\"33\"},\"panelIndex\":\"33\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":16,\"x\":40,\"y\":8,\"i\":\"34\"},\"panelIndex\":\"34\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":8,\"x\":0,\"y\":72,\"i\":\"35\"},\"panelIndex\":\"35\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":8,\"x\":16,\"y\":72,\"i\":\"36\"},\"panelIndex\":\"36\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":8,\"x\":32,\"y\":72,\"i\":\"37\"},\"panelIndex\":\"37\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":32,\"i\":\"38\"},\"panelIndex\":\"38\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":108,\"i\":\"39\"},\"panelIndex\":\"39\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":28,\"x\":24,\"y\":80,\"i\":\"40\"},\"panelIndex\":\"40\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":28,\"x\":0,\"y\":80,\"i\":\"41\"},\"panelIndex\":\"41\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_15\"}]", "timeRestore": false, "title": "z16.04 - Overview", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "94b52620-342a-11e7-9d52-4f090484f59e", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "aa05e920-3433-11e7-8867-29a39c0f86b2", "name": "panel_1", "type": "search"}, {"id": "1c2aeb50-365e-11e7-b896-5bdd6bfa1561", "name": "panel_2", "type": "visualization"}, {"id": "277f3250-4161-11e7-8493-51634b0a4565", "name": "panel_3", "type": "visualization"}, {"id": "901bda80-a83f-11e7-893a-1b88920b2837", "name": "panel_4", "type": "visualization"}, {"id": "5b3988c0-a840-11e7-893a-1b88920b2837", "name": "panel_5", "type": "visualization"}, {"id": "AWDGyaGxxQT5EBNmq3K9", "name": "panel_6", "type": "visualization"}, {"id": "AWDGzmzcxQT5EBNmq3Sj", "name": "panel_7", "type": "visualization"}, {"id": "AWDG0UDvxQT5EBNmq3WD", "name": "panel_8", "type": "visualization"}, {"id": "AWDG1uC-xQT5EBNmq3dP", "name": "panel_9", "type": "visualization"}, {"id": "AWDG3ym0xQT5EBNmq3mG", "name": "panel_10", "type": "visualization"}, {"id": "AWDG4pcDxQT5EBNmq3pi", "name": "panel_11", "type": "visualization"}, {"id": "733ce440-494d-11e8-9576-313be7c6b44b", "name": "panel_12", "type": "visualization"}, {"id": "2a949080-4a3d-11e8-9b0a-f1d33346f773", "name": "panel_13", "type": "visualization"}, {"id": "96c2cf10-4a3d-11e8-9b0a-f1d33346f773", "name": "panel_14", "type": "visualization"}, {"id": "ee0ba080-4a3d-11e8-9b0a-f1d33346f773", "name": "panel_15", "type": "visualization"}], "sort": [1643385898421, 2127], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzAxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - PE - OS", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.os.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"OS\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - PE - OS\"}"}, "coreMigrationVersion": "7.16.2", "id": "b449a870-c762-11ea-bebb-37c5ab5894ea", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2129], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzAyLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:pe\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"858c0209-49ab-4c0c-9b9c-bc71e363be32\"},\"panelIndex\":\"858c0209-49ab-4c0c-9b9c-bc71e363be32\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":12,\"h\":9,\"i\":\"94db978d-70ba-4ade-a680-1297961aa832\"},\"panelIndex\":\"94db978d-70ba-4ade-a680-1297961aa832\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":9,\"i\":\"8973a749-ddc9-4476-8946-280e748da61e\"},\"panelIndex\":\"8973a749-ddc9-4476-8946-280e748da61e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":18,\"i\":\"8797e1d3-84b0-4840-9ba3-6e74f15a5f08\"},\"panelIndex\":\"8797e1d3-84b0-4840-9ba3-6e74f15a5f08\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":10,\"y\":9,\"w\":15,\"h\":18,\"i\":\"b9da8481-6781-4431-83de-c51834199de7\"},\"panelIndex\":\"b9da8481-6781-4431-83de-c51834199de7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":9,\"w\":10,\"h\":18,\"i\":\"ceba5670-4f26-411e-a19a-e130cf715228\"},\"panelIndex\":\"ceba5670-4f26-411e-a19a-e130cf715228\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":35,\"y\":9,\"w\":13,\"h\":18,\"i\":\"5f1b3a55-7919-448d-897c-fc7166b283d0\"},\"panelIndex\":\"5f1b3a55-7919-448d-897c-fc7166b283d0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"767dc27a-2b54-4360-bb34-c1a41528ad25\"},\"panelIndex\":\"767dc27a-2b54-4360-bb34-c1a41528ad25\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]", "timeRestore": false, "title": "Security Onion - PE", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "94b55b90-c761-11ea-bebb-37c5ab5894ea", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "c879ad60-72a1-11ea-8dd2-9d8795a1200b", "name": "panel_2", "type": "visualization"}, {"id": "80a39cb0-c762-11ea-bebb-37c5ab5894ea", "name": "panel_3", "type": "visualization"}, {"id": "b449a870-c762-11ea-bebb-37c5ab5894ea", "name": "panel_4", "type": "visualization"}, {"id": "07419650-c763-11ea-bebb-37c5ab5894ea", "name": "panel_5", "type": "visualization"}, {"id": "282bf2c0-c763-11ea-bebb-37c5ab5894ea", "name": "panel_6", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_7", "type": "search"}], "sort": [1643385898421, 2138], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzAzLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:snmp\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"752f2974-3abc-482c-afdc-c85cf5643cc6\"},\"panelIndex\":\"752f2974-3abc-482c-afdc-c85cf5643cc6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"dfa3b3da-b86b-4d11-add3-c7e18c40654b\"},\"panelIndex\":\"dfa3b3da-b86b-4d11-add3-c7e18c40654b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"4c444c07-93f9-43d2-966e-1a0db864c011\"},\"panelIndex\":\"4c444c07-93f9-43d2-966e-1a0db864c011\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2\"},\"panelIndex\":\"3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":8,\"w\":10,\"h\":19,\"i\":\"5c5850b6-1e17-4d4a-9122-8d6a6b275fb0\"},\"panelIndex\":\"5c5850b6-1e17-4d4a-9122-8d6a6b275fb0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":19,\"y\":8,\"w\":11,\"h\":19,\"i\":\"2df47b07-dcfd-46a9-a908-cd03bb3ae82e\"},\"panelIndex\":\"2df47b07-dcfd-46a9-a908-cd03bb3ae82e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":19,\"i\":\"7fec36da-2c28-4eef-9d15-bd5d64628d1d\"},\"panelIndex\":\"7fec36da-2c28-4eef-9d15-bd5d64628d1d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"db2dff22-e4c1-41ea-a07d-8c0b0080cb04\"},\"panelIndex\":\"db2dff22-e4c1-41ea-a07d-8c0b0080cb04\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]", "timeRestore": false, "title": "Security Onion - SNMP", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "96522610-75e8-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "424ace90-75e9-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "690ef880-75e9-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_7", "type": "search"}], "sort": [1643385898421, 2147], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzA0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMTP - \"To\" Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SMTP - \\\"To\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"recipient_to.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"To\\\" Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "96767400-39a2-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "a6cea530-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2149], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzA1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RDP - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"RDP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "fd549d70-363f-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "823dd600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2151], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzA2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RDP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RDP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "f9a16c80-371b-11e7-90f8-87842d5eedc9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "823dd600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2153], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzA3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "RDP - Keyboard Layout (Pie Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"RDP - Keyboard Layout (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"keyboard_layout.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Keyboard Layout\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "be7637c0-371c-11e7-90f8-87842d5eedc9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "823dd600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2155], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzA4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "RDP - Result (Horizontal Bar Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"RDP - Result (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"result.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Result\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "c4f37d70-6e20-11e7-b553-7f80727663c1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "823dd600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2157], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzA5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "RDP - Encryption Level (Vertical Bar Chart)", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"RDP - Encryption Level (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0,\"filter\":true},\"title\":{\"text\":\"Encryption Level\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"encryption_level.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Encryption Level\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "ef307a70-6e20-11e7-b553-7f80727663c1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "823dd600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2159], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzEwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RDP - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"RDP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHCvBexQT5EBNmq4aK", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "823dd600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2161], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzExLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":12,\"x\":36,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":12,\"x\":8,\"y\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":12,\"x\":20,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"}]", "timeRestore": false, "title": "z16.04 - Bro - RDP", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "97f8c3a0-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "fd549d70-363f-11e7-a6f7-4f44d7bf1c33", "name": "panel_1", "type": "visualization"}, {"id": "823dd600-342e-11e7-9e93-53b62e1857b2", "name": "panel_2", "type": "search"}, {"id": "f9a16c80-371b-11e7-90f8-87842d5eedc9", "name": "panel_3", "type": "visualization"}, {"id": "0b9dea80-371c-11e7-90f8-87842d5eedc9", "name": "panel_4", "type": "visualization"}, {"id": "19dfd180-371c-11e7-90f8-87842d5eedc9", "name": "panel_5", "type": "visualization"}, {"id": "524e13b0-371c-11e7-90f8-87842d5eedc9", "name": "panel_6", "type": "visualization"}, {"id": "75597b60-371c-11e7-90f8-87842d5eedc9", "name": "panel_7", "type": "visualization"}, {"id": "8e18ee60-371c-11e7-90f8-87842d5eedc9", "name": "panel_8", "type": "visualization"}, {"id": "be7637c0-371c-11e7-90f8-87842d5eedc9", "name": "panel_9", "type": "visualization"}, {"id": "c4f37d70-6e20-11e7-b553-7f80727663c1", "name": "panel_10", "type": "visualization"}, {"id": "ef307a70-6e20-11e7-b553-7f80727663c1", "name": "panel_11", "type": "visualization"}, {"id": "AWDHCvBexQT5EBNmq4aK", "name": "panel_12", "type": "visualization"}], "sort": [1643385898421, 2175], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzEyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SSH - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SSH - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "9a33f9a0-365f-11e7-8c78-e3086faf385c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c33e7600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2177], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzEzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Connections - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "9a54f150-366e-11e7-8c78-e3086faf385c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2179], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzE0LDE1XQ=="} +{"attributes": {"columns": ["source_ip", "name", "software_type"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_software\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Software - Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "ba3d77e0-342e-11e7-9e93-53b62e1857b2", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2181], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzE1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Software - Summary", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Software - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version_major.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version_minor.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"software_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "9b0f6a80-4c7a-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "ba3d77e0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2183], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzE2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Zeek - Notice", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Zeek - Notice\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"notice.note.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "9c6ccff0-7a84-11ea-9d13-57f5db13d1ed", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2185], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzE3LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[{\"meta\":{\"negate\":true,\"disabled\":true,\"alias\":\"Initial Systems/Queries\",\"type\":\"phrase\",\"key\":\"osquery.counter\",\"params\":{\"query\":0},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"osquery.counter\":{\"query\":0,\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"osquery.codename\",\"value\":\"server\",\"params\":[\"server\"],\"negate\":false,\"disabled\":true,\"alias\":\"Servers Only\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"osquery.codename\":\"server\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":64,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":27,\"w\":40,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"columns\":[\"osquery.hostname\",\"osquery.name\",\"osquery.LiveQuery\",\"osquery.EndpointIP1\",\"osquery.EndpointIP2\"],\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":13,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":13,\"w\":40,\"h\":14,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Changes by Type\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":13,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Changes by Hostname\",\"panelRefName\":\"panel_4\"}]", "timeRestore": false, "title": "z16.04 - osquery - Overview", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "9d0e2da0-14e1-11e9-82f7-0da02d93a48b", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern"}, {"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "84116380-14e1-11e9-82f7-0da02d93a48b", "name": "panel_1", "type": "search"}, {"id": "2f556c90-14e3-11e9-82f7-0da02d93a48b", "name": "panel_2", "type": "visualization"}, {"id": "369e16e0-14e4-11e9-82f7-0da02d93a48b", "name": "panel_3", "type": "visualization"}, {"id": "05a5ed10-14e4-11e9-82f7-0da02d93a48b", "name": "panel_4", "type": "visualization"}], "sort": [1643385898421, 2193], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzE4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Connections - Top Source Ports", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Connections - Top Source Ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "9d3413c0-6ea0-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9b333020-6e9f-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2195], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzE5LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:ssh\",\"language\":\"kuery\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"b816ee0e-45c6-438d-a4ed-799d9e80a9f0\"},\"panelIndex\":\"b816ee0e-45c6-438d-a4ed-799d9e80a9f0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"cbfd7081-d82b-4e29-b21c-6e9584d67328\"},\"panelIndex\":\"cbfd7081-d82b-4e29-b21c-6e9584d67328\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"d9b0c92a-8625-4e72-8a7c-333381e17244\"},\"panelIndex\":\"d9b0c92a-8625-4e72-8a7c-333381e17244\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":10,\"h\":19,\"i\":\"766c95ce-e20f-4e88-935f-2211b7be6b65\"},\"panelIndex\":\"766c95ce-e20f-4e88-935f-2211b7be6b65\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":10,\"y\":8,\"w\":10,\"h\":19,\"i\":\"e9ec8c9e-8a76-4501-abcb-2c9c08adfc44\"},\"panelIndex\":\"e9ec8c9e-8a76-4501-abcb-2c9c08adfc44\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":20,\"y\":8,\"w\":13,\"h\":19,\"i\":\"c2747e56-14c2-4a70-a1a7-e31affae20f8\"},\"panelIndex\":\"c2747e56-14c2-4a70-a1a7-e31affae20f8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":33,\"y\":8,\"w\":15,\"h\":19,\"i\":\"ff324073-699d-4b26-b4fd-28190fa3803b\"},\"panelIndex\":\"ff324073-699d-4b26-b4fd-28190fa3803b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":17,\"h\":18,\"i\":\"248c6442-b868-4e06-bfaa-e6da2d2d7463\"},\"panelIndex\":\"248c6442-b868-4e06-bfaa-e6da2d2d7463\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":17,\"y\":27,\"w\":16,\"h\":18,\"i\":\"d24e4833-8b52-45ac-ac3f-bb31379e8380\"},\"panelIndex\":\"d24e4833-8b52-45ac-ac3f-bb31379e8380\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":33,\"y\":27,\"w\":15,\"h\":18,\"i\":\"6711f807-284e-4025-99bb-cee25c0e970d\"},\"panelIndex\":\"6711f807-284e-4025-99bb-cee25c0e970d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":29,\"i\":\"3d4c3a76-579f-494d-b87c-d594fea44d83\"},\"panelIndex\":\"3d4c3a76-579f-494d-b87c-d594fea44d83\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]", "timeRestore": false, "title": "Security Onion - SSH", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "9dfd77e0-75eb-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "292b1db0-75ea-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "46221fe0-75ea-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "7d61f430-75ea-11ea-9565-7315f4ee5cac", "name": "panel_7", "type": "visualization"}, {"id": "104a4a90-75eb-11ea-9565-7315f4ee5cac", "name": "panel_8", "type": "visualization"}, {"id": "8afa5f50-75eb-11ea-9565-7315f4ee5cac", "name": "panel_9", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_10", "type": "search"}], "sort": [1643385898421, 2207], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzIwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DCE/RPC - Endpoint", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.endpoint.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Endpoint\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "a427d6e0-96db-11ea-814e-bb515e873c2c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2209], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzIxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DCE/RPC - Named Pipe", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - DCE/RPC - Named Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.named_pipe.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Named Pipe\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "c2f21270-96db-11ea-814e-bb515e873c2c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2211], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzIyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DCE/RPC - Operation", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.operation.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "df7989f0-96db-11ea-814e-bb515e873c2c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2213], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzIzLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:dce_rpc\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"95dc50d5-926a-4ab3-a746-0e53f475d658\"},\"panelIndex\":\"95dc50d5-926a-4ab3-a746-0e53f475d658\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":14,\"y\":0,\"w\":14,\"h\":9,\"i\":\"5b559994-ed67-43c8-8eed-ab30fd8b3d26\"},\"panelIndex\":\"5b559994-ed67-43c8-8eed-ab30fd8b3d26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":9,\"i\":\"4251a61c-1dcd-47b3-9866-f7ed939c73d4\"},\"panelIndex\":\"4251a61c-1dcd-47b3-9866-f7ed939c73d4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":21,\"i\":\"e74255f5-4dc6-4df0-ab24-032dd7d4bc02\"},\"panelIndex\":\"e74255f5-4dc6-4df0-ab24-032dd7d4bc02\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":21,\"i\":\"55f5c9e0-264b-44d1-9b49-0bb7890ef4bd\"},\"panelIndex\":\"55f5c9e0-264b-44d1-9b49-0bb7890ef4bd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":9,\"w\":9,\"h\":21,\"i\":\"2a33a3df-4690-4ea4-a71a-9c98cb612213\"},\"panelIndex\":\"2a33a3df-4690-4ea4-a71a-9c98cb612213\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":9,\"w\":8,\"h\":21,\"i\":\"ee61c32f-e801-494f-a819-b5788bed856f\"},\"panelIndex\":\"ee61c32f-e801-494f-a819-b5788bed856f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":21,\"i\":\"f7c23591-431c-4a4c-a69b-a349c37697da\"},\"panelIndex\":\"f7c23591-431c-4a4c-a69b-a349c37697da\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":30,\"w\":48,\"h\":29,\"i\":\"f360db9a-9572-4b67-8be4-6f53084940a3\"},\"panelIndex\":\"f360db9a-9572-4b67-8be4-6f53084940a3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "Security Onion - DCE/RPC", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "9e882df0-72c5-11ea-8dd2-9d8795a1200b", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "c879ad60-72a1-11ea-8dd2-9d8795a1200b", "name": "panel_2", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "a427d6e0-96db-11ea-814e-bb515e873c2c", "name": "panel_5", "type": "visualization"}, {"id": "c2f21270-96db-11ea-814e-bb515e873c2c", "name": "panel_6", "type": "visualization"}, {"id": "df7989f0-96db-11ea-814e-bb515e873c2c", "name": "panel_7", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_8", "type": "search"}], "sort": [1643385898421, 2223], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzI0LDE1XQ=="} +{"attributes": {"columns": ["_source"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.module:osquery\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "Security Onion - Osquery", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "9eed5fc0-afcb-11ea-b262-353d451b125b", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2225], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzI1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RFB - Authentication Method", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RFB - Authentication Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"authentication_method.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Method\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "bf47f4c0-371e-11e7-90f8-87842d5eedc9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "8ba53710-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2227], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzI2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RFB - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RFB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "bbbe5a80-6e21-11e7-b553-7f80727663c1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "8ba53710-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2229], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzI3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RFB - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RFB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "d6ec3570-6e21-11e7-b553-7f80727663c1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "8ba53710-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2231], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzI4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RFB - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"RFB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "e8982270-6e21-11e7-b553-7f80727663c1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "8ba53710-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2233], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzI5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RFB - Authentication Method (Horizontal Bar Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"RFB - Authentication Method (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"authentication_method.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "c24191f0-6e22-11e7-b553-7f80727663c1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "8ba53710-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2235], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzMwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "RFB - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"RFB - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHC8iGxQT5EBNmq4bs", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "8ba53710-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2237], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzMxLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":56,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":32,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":104,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":56,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":80,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":80,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":80,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":12,\"x\":8,\"y\":20,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"}]", "timeRestore": false, "title": "z16.04 - Bro - RFB", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "9ef20ae0-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "265a04d0-3640-11e7-a6f7-4f44d7bf1c33", "name": "panel_1", "type": "visualization"}, {"id": "869e3030-371e-11e7-90f8-87842d5eedc9", "name": "panel_2", "type": "visualization"}, {"id": "bf47f4c0-371e-11e7-90f8-87842d5eedc9", "name": "panel_3", "type": "visualization"}, {"id": "14274040-371f-11e7-90f8-87842d5eedc9", "name": "panel_4", "type": "visualization"}, {"id": "63c072c0-371f-11e7-90f8-87842d5eedc9", "name": "panel_5", "type": "visualization"}, {"id": "8ba53710-342e-11e7-9e93-53b62e1857b2", "name": "panel_6", "type": "search"}, {"id": "bbbe5a80-6e21-11e7-b553-7f80727663c1", "name": "panel_7", "type": "visualization"}, {"id": "d6ec3570-6e21-11e7-b553-7f80727663c1", "name": "panel_8", "type": "visualization"}, {"id": "e8982270-6e21-11e7-b553-7f80727663c1", "name": "panel_9", "type": "visualization"}, {"id": "4fade7b0-6e22-11e7-b553-7f80727663c1", "name": "panel_10", "type": "visualization"}, {"id": "7c1e3f70-6e22-11e7-b553-7f80727663c1", "name": "panel_11", "type": "visualization"}, {"id": "c24191f0-6e22-11e7-b553-7f80727663c1", "name": "panel_12", "type": "visualization"}, {"id": "AWDHC8iGxQT5EBNmq4bs", "name": "panel_13", "type": "visualization"}], "sort": [1643385898421, 2252], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzMyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SIP - Content Type", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SIP - Content Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.content_type.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.content_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "9ff24600-75ca-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2254], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzMzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[]}"}, "title": "Help", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Help\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"## Introduction\\nWelcome to the Security Onion Elastic Stack! This is our implementation of the Elastic Stack on Security Onion. The Elastic Stack consists of three primary components:\\n- `Elasticsearch` - stores logs\\n- `Logstash` - collects and enriches logs before storing them in Elasticsearch\\n- `Kibana` - web interface for visualizing logs\\n\\n## Sidebar\\nStarting on the far left side of the page, you see the Sidebar. This contains links such as:\\n- `Discover` - search data\\n- `Visualize` - create visualizations based on searches\\n- `Dashboard` - view or create dashboards based on visualizations\\n- `Timelion` - timeline analysis\\n- `Dev Tools` - query Elasticsearch directly\\n- `Management` - view or modify Kibana settings\\n- `Squert` - separate web interface for viewing NIDS and HIDS alerts\\n- `Logout` - log out of your session\\n\\nThe first six of those links are within Kibana itself. If you click one of those and then want to get back to the Dashboards area where you started, simply click the `Dashboard` link.\\n\\nClicking the `Squert` link will take you out of Kibana and into Squert. You will not be required to authenticate to Squert since you already have an active Single Sign On (SSO) session.\\n\\nClicking the `Logout` link in either Squert or Kibana will log you out of your SSO session and take you back to the logon screen.\\n\\n## Navigation Panel\\nWhen you are in the Kibana Dashboard area, the panel to the immediate right of the sidebar is the Navigation Panel and it includes links to our dashboards such as Home, Help (this page), Bro Notices, ElastAlert, HIDS, NIDS, etc. Clicking one of the links in the Navigation Panel will take you to a dashboard dedicated to that particular log type. \\n\\n## Dashboards\\nAll dashboards are designed to work at 1024x768 screen resolution in order to maximize compatibility.\\n\\n### Dashboard Hyperlinks\\n\\nThe `source_ip` and `destination_ip` fields are hyperlinked. These hyperlinks will take you to the Indicator dashboard which will help you analyze the traffic relating to that particular IP address.\\n\\n`UID` fields are also hyperlinked. This hyperlink will start a new Kibana search for that particular UID. In the case of Bro UIDs this will show you all Bro logs related to that particular connection.\\n\\nEach log entry also has an `_id` field that is hyperlinked. This hyperlink will take you to CapMe, allowing you to request full packet capture for any arbitrary log type. This assumes that the log is for tcp or udp traffic that was seen by Bro and Bro recorded it correctly in its conn.log. \\n\\n### Overview Dashboard\\nWhen you first go to the Kibana Dashboard area, you are automatically placed into the Overview dashboard, where you will see overview information, such as total number of logs and sensors. Use the information on the Overview dashboard to determine which of the other dashboards on the Navigation Panel you might want to visit next.\\n\\n### Dashboard Categories\\nOur remaining dashboards are grouped into a few categories:\\n- `Alert Data` - dashboards that display alerts created by rules or signatures\\n- `Bro Hunting` - dashboards that allow you to slice and dice network metadata for hunting\\n- `Host Hunting` - dashboards that allow you to hunt via host telemetry\\n- `Other` - dashboards that don't fit into the categories above\\n\\n### Bro Notices\\nBro sniffs network traffic and generates notices such as `SSL::Invalid Server Cert` and `TeamCymruMalwareHashRegistry::Match`.\\n\\n### ElastAlert\\nElastAlert queries Elasticsearch on a regular basis and then generates alerts based on your desired criteria. Security Onion includes two example rules that alert on new IDS events and new connection logs. You can add your own ElastAlert rules in `/etc/elastalert/rules/`.\\n\\n### HIDS\\nOSSEC analyzes log files and generates Host Intrusion Detection System alerts based on its ruleset at `/var/ossec/rules/`. You can add your own rules in `/var/ossec/rules/local_rules.xml`.\\n\\n### NIDS\\nSecurity Onion can use either Snort or Suricata to sniff network traffic and generate Network Intrusion Detection System alerts. \\n\\n### Connections\\nBro sniffs network traffic and logs connection metadata including source IP/port, destination IP/port, protocol, and number of bytes.\\n\\n### DCE/RPC\\nBro sniffs network traffic and logs DCE/RPC metadata including source IP/port, destination IP/port, operation, endpoint, and named pipe.\\n\\n### DHCP\\nBro sniffs network traffic and logs DHCP requests and responses including source IP/port, destination IP/port, and MAC addresses.\\n\\n### DNP3\\nBro sniffs network traffic and logs DNP3 metadata including source IP/port, destination IP/port, function request, function reply.\\n\\n### DNS\\nBro sniffs network traffic and logs DNS queries and answers. Bro also includes other name lookups such as Windows NetBIOS name service requests and Bonjour.\\n\\n### Files\\nBro sniffs network traffic and logs metadata related to files being transferred over the network including IP addresses, MIME type, source, and checksums.\\n\\n### FTP\\nBro sniffs network traffic and logs FTP metadata including source IP/port, destination IP/port, command, reply code, argument, and username.\\n\\n### HTTP\\nBro sniffs network traffic and logs HTTP metadata including source IP/port, destination IP/port, method, status message, MIME type, site name, referer, and user agent.\\n\\n### Intel\\nBro sniffs network traffic and watches for indicators using the Intel framework. You can add your own indicators to `/opt/bro/share/bro/intel/intel.dat`.\\n\\n### IRC\\nBro sniffs network traffic and logs IRC metadata including source IP/port, destination IP/port, command, and username.\\n\\n### Kerberos\\nBro sniffs network traffic and logs Kerberos metadata including source IP/port, destination IP/port, cipher, client, server, service, request type, and success status.\\n\\n### Modbus\\nBro sniffs network traffic and logs Modbus metadata including source IP/port, destination IP/port, and function.\\n\\n### MySQL\\nBro sniffs network traffic and logs MySQL metadata including source IP/port, destination IP/port, command/argument, status, and response.\\n\\n### NTLM\\nBro sniffs network traffic and logs NTLM metadata including source IP/port, destination IP/port, hostname, username, and status.\\n\\n### PE\\nBro sniffs network traffic and logs PE metadata including OS, subsystem, machine, and section name.\\n\\n### RADIUS\\nBro sniffs network traffic and logs RADIUS metadata including source IP/port, destination IP/port, username, and result.\\n\\n### RDP\\nBro sniffs network traffic and logs RDP metadata including source IP/port, destination IP/port, client build, keyboard layout, encryption level, and result.\\n\\n### RFB\\nBro sniffs network traffic and logs RFB metadata including source IP/port, destination IP/port, authentication method, authentication status, client version, server version, and desktop name.\\n\\n### SIP\\nBro sniffs network traffic and logs SIP metadata including source IP/port, destination IP/port, method, content type, status, uri, and user agent.\\n\\n### SMB\\nBro sniffs network traffic and logs SMB metadata including source IP/port, destination IP/port, file name, and action.\\n\\n### SMTP\\nBro sniffs network traffic and logs SMTP metadata including source IP/port, destination IP/port, from, to, subject, and user agent.\\n\\n### SNMP\\nBro sniffs network traffic and logs SNMP metadata including source IP/port, destination IP/port, version, community, and duration.\\n\\n### Software\\nBro sniffs network traffic and logs metadata relating to the kinds of software that generated that traffic including name, type, and version.\\n\\n### SSH\\nBro sniffs network traffic and logs SSH metadata including source IP/port, destination IP/port, client version, server version, and success.\\n\\n### SSL\\nBro sniffs network traffic and logs SSL metadata including source IP/port, destination IP/port, server name, certificate subject, cipher, and validation status.\\n\\n### Syslog\\nBro sniffs network traffic and logs Syslog metadata including source IP/port, destination IP/port, severity, and protocol.\\n\\n### Tunnels\\nBro sniffs network traffic and detects IP, GRE, SOCKS, TEREDO, and AVAYA tunnels. It logs metadata including source IP/port, destination IP/port, type, and action.\\n\\n### Weird\\nBro sniffs network traffic and logs protocol anomalies metadata including source IP/port, destination IP/port, and the type of anomaly.\\n\\n### X.509\\nBro sniffs network traffic and logs X.509 metadata including certificate subject, issuer, key algorithm, key length, and signing algorithm.\\n\\n### Autoruns\\nSysinternals Autoruns can identify the processes which Windows is configured to automatically run. Autoruns data can then be ingested via [Autoruns To WinEventLog](https://github.com/palantir/windows-event-forwarding/tree/master/AutorunsToWinEventLog).\\n\\n### Beats\\nElastic Beats can be deployed on endpoints to collect host telemetry and send to Logstash for storage in Elasticsearch.\\n\\n### OSSEC\\nOSSEC agents can be deployed on endpoints to collect host telemetry and send to the OSSEC Server included in Security Onion. OSSEC Alerts can be found in the Alert Data category at the top of the Navigation Panel. This OSSEC hunting dashboard will allow you to hunt through all OSSEC logs, not just alerts.\\n\\n### Sysmon\\nSysinternal Sysmon provides comprehensive telemetry for Windows hosts. Its logs can be consumed using Beats, OSSEC, or other transport mechanism.\\n\\n### Domain Stats\\nSecurity Onion includes a tool called domain_stats which will do a whois lookup on a domain name to determine the age of the domain. If enabled, this dashboard looks for baby domains that have been recently registered. Please note that domain_stats is only enabled when running in Evaluation Mode.\\n\\n### Firewall\\nFirewall logs can be consumed via syslog or other transport mechanism. Once consumed, this dashboard allows you to slice and dice those firewall logs based on source IP/port, destination IP/port, protocol, and action.\\n\\n### Frequency\\nSecurity Onion includes a tool called freq_server which can perform frequency analysis of hostnames. If enabled, this dashboard will show hostnames with a frequency analysis score that indicates that they could have been randomly generated. Please note that freq_server is only enabled when running in Evaluation Mode.\\n\\n### Stats\\nThis dashboard shows statistics for Logstash including processing times for different log types and any errors that may have occurred.\\n\\n## More Information\\nFor additional information, please refer to our documentation at:\\n\\nhttps://securityonion.net/docs/Elastic\",\"type\":\"markdown\"},\"aggs\":[]}"}, "coreMigrationVersion": "7.16.2", "id": "AV6-PHKnDwoBUzALqJ_c", "migrationVersion": {"visualization": "7.14.0"}, "references": [], "sort": [1643385898421, 2255], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzM0LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":204,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]", "timeRestore": false, "title": "z16.04 - Help", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "AV6-POJSDwoBUzALqKAg", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "AV6-PHKnDwoBUzALqJ_c", "name": "panel_0", "type": "visualization"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_1", "type": "visualization"}], "sort": [1643385898421, 2258], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzM1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:issuer_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "SSL - Certificate Issuer Common Name Frequency Analysis", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SSL - Certificate Issuer Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer Common Name\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "a83f17c0-6f0b-11e7-9d31-23c0596994a7", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2260], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzM2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:server_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "SSL - Certificate Server Name Frequency Analysis", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SSL - Certificate Server Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"server_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "c2e54c20-6f0b-11e7-9d31-23c0596994a7", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2262], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzM3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:certificate_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "X.509 - Certificate Common Name Frequency Analysis", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"X.509 - Certificate Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"certificate_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "e03ba1d0-6f0a-11e7-83d2-adea2f314dc5", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2264], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzM4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:issuer_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "X.509 - Certificate Issuer Frequency Analysis", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"X.509 - Certificate Issuer Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "acd38970-6f0a-11e7-83d2-adea2f314dc5", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2266], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzM5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:issuer_organization_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "X.509 - Certificate Issuer Organization Frequency Analysis", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"X.509 - Certificate Issuer Organization Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_organization_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_organization.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer Organization\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "c3f244c0-6f0a-11e7-83d2-adea2f314dc5", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2268], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzQwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:parent_domain_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "DNS - Parent Domain Frequency Analysis", "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", "version": 1, "visState": "{\"title\":\"DNS - Parent Domain Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"parent_domain_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "c9f5d3a0-6f05-11e7-b253-211f64f37eda", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2270], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzQxLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":52,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":76,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":76,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":100,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":100,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":124,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":124,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":52,\"x\":0,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":80,\"x\":0,\"y\":148,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":28,\"x\":8,\"y\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]", "timeRestore": false, "title": "z16.04 - Frequency Analysis", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "AWAi5k4jAvKNGEbUWFis", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f1f00a0-6f04-11e7-b253-211f64f37eda", "name": "panel_0", "type": "visualization"}, {"id": "7d1ede50-6f19-11e7-86c8-a1b6db3b051a", "name": "panel_1", "type": "visualization"}, {"id": "8fa702e0-6f0b-11e7-9d31-23c0596994a7", "name": "panel_2", "type": "visualization"}, {"id": "a83f17c0-6f0b-11e7-9d31-23c0596994a7", "name": "panel_3", "type": "visualization"}, {"id": "c2e54c20-6f0b-11e7-9d31-23c0596994a7", "name": "panel_4", "type": "visualization"}, {"id": "e03ba1d0-6f0a-11e7-83d2-adea2f314dc5", "name": "panel_5", "type": "visualization"}, {"id": "acd38970-6f0a-11e7-83d2-adea2f314dc5", "name": "panel_6", "type": "visualization"}, {"id": "c3f244c0-6f0a-11e7-83d2-adea2f314dc5", "name": "panel_7", "type": "visualization"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_8", "type": "visualization"}, {"id": "aa05e920-3433-11e7-8867-29a39c0f86b2", "name": "panel_9", "type": "search"}, {"id": "c9f5d3a0-6f05-11e7-b253-211f64f37eda", "name": "panel_10", "type": "visualization"}], "sort": [1643385898421, 2282], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzQyLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":48,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":36,\"x\":0,\"y\":48,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"}]", "timeRestore": false, "title": "z16.04 - Baby Domains", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "AWAi6wvxAvKNGEbUWO_j", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "41ec0ca0-6f13-11e7-86c8-a1b6db3b051a", "name": "panel_0", "type": "visualization"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_1", "type": "visualization"}, {"id": "fce833e0-6f12-11e7-86c8-a1b6db3b051a", "name": "panel_2", "type": "search"}], "sort": [1643385898421, 2286], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzQzLDE1XQ=="} +{"attributes": {"fieldFormatMap": "{\"process_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"event_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}}}", "fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"analyzer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"analyzer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"answers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"answers.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"apache2.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"apache2.error.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.tid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.a0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.acct\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.item\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.items\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.new_auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.new_ses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.old_auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.old_ses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.record_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.res\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_attempts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_ca\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_path_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bound_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"call_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"call_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_exponent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_exponent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_number_days_valid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_permanent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_permanent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_signing_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_signing_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"checksum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"checksum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_digital_product_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_digital_product_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"community.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"company.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compile_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compile_ts.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compression_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compression_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connect_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connect_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"current_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"current_directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_passive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_channel_passive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"desktop_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_is_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_is_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_city.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_latitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_latitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_longitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_region.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"details.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dir\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dir.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"enabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"enabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"endpoint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry_location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"escalated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"escalated_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"established\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"established.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AccountName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AlgorithmName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AuthenticationPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Binary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CommandLine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Configuration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ConfigurationFileHash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CurrentDirectory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationIp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationIsIpv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationPort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceVersionMajor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceVersionMinor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DirtyPages\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ElevatedToken\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.EventType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ExtraInfoLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ExtraInfoString\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.FilterID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.FinalStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Hashes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.HiveName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.HiveNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ImagePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ImpersonationLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IntegrityLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IpAddress\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IpPort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyFilePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeysUpdated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LmPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.NewSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.NewTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.OldTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.OriginalSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentCommandLine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentImage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentProcessGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PreviousTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PrivilegeList\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProcessGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProviderName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.RestrictedAdminMode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ReturnCode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SchemaVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ServiceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ServiceType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceHostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceIp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceIsIpv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourcePort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.StartType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.State\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetFilename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetLinkedLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetObject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetOutboundDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetOutboundUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TerminalSessionId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TransmittedServices\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.User\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.UtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.VirtualAccount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Workstation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.WorkstationName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param10\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param11\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param12\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param13\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param14\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param15\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param16\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param17\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param19\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param20\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param21\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param22\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param4\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param7\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param8\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param9\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.serviceGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateRevisionNumber\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateTitle\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exception\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"exception.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileset.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileset.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"first_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"first_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"flow_label.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"forwardable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"forwardable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"freq_virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"freq_virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"frequency_scores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frequency_scores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"function.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_bulk_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_bulk_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_cert_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_cert_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_debug_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_debug_data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_export_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_export_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_import_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_import_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"helo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"highest_registered_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hop_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hop_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.debug.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.debug.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.debug.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.main.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.main.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.main.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.startup.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.startup.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.startup.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"iin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"iin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"info_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"initiated.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"integrity_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"integrity_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_tos\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_tos.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_64bit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_64bit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_source_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_source_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_webmail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_webmail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_distinguished_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.component\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.trace.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.trace.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.trace.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kex_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kex_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyboard_layout\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyboard_layout.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keywords\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container.image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.pod.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"launch_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"launch_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lease_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lease_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logged.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.log.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.thread\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.plugin_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.plugin_params\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.plugin_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.thread\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.took_in_millis\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.took_in_nanos\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"machine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"machine.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matched\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"matched.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.availability_zone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.instance_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.instance_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.machine_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.project_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mimetype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mimetype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missing_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.error.thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.lock_time.sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.query_time.sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.rows_examined\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.rows_sent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.timestamp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"n\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"named_pipe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"named_pipe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"native_file_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"native_file_system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"next_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"next_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nginx.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.connection_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nginx.error.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.tid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nick\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nick.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"note\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"note.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"num_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"object_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"opcode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_agent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_agent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"overflow_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"p\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.database\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"postgresql.log.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prev_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prev_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_guid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"profile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"profile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"program.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prospector.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"provider_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxied.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_class_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_type_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ra\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ra.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rcode_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"read_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipient_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"recipient_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"record_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"redis.log.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.role\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.duration.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rejected\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rejected.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related_activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"renewable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_color_depth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_color_depth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_resource\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_resource.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resumed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resumed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rows.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"san_dns\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"san_dns.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"second_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"second_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"section_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"section_names.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"security_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"security_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_node.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_where\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_where.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_major_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_minor_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"set_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"set_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_flag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_flag.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"signer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"site.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sources.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stream\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_rule_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_rule_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subsystem\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subsystem.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"suppress_for\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-sourceip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sysmon_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sysmon_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.groupadd.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.groupadd.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.dropped_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.home\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.uid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"target_filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"task\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"terminal_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"terminal_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timed_out\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timed_out.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_accessed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_accessed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_changed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_changed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_created.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_modified.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tld.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tld.subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"top_level_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tracker_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tracker_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.backend_url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.frontend_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.request_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"trans_depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"transaction_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttls\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"up_since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"up_since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.binaryData\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.binaryDataSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.param1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.param2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.xml_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"useragent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_aslr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_aslr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_code_integrity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_code_integrity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_dep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_dep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_seh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_seh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_till\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_till.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"validation_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"validation_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"warning.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"width.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x_originating_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"xml\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"year\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"z\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"z.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]", "notExpandable": true, "timeFieldName": "@timestamp", "title": "*:logstash-beats-*"}, "coreMigrationVersion": "7.16.2", "id": "AWBLHZaBRuBloj96jvrD", "migrationVersion": {"index-pattern": "7.11.0"}, "references": [], "sort": [1643385898421, 2287], "type": "index-pattern", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzQ0LDE1XQ=="} +{"attributes": {"columns": ["computer_name", "process_id", "user.name", "event_id", "event_data.Image"], "description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "sort": [["@timestamp", "desc"]], "title": "All Beats Logs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "AWBLMr9vRuBloj96jxp1", "migrationVersion": {"search": "7.9.3"}, "references": [{"id": "AWBLHZaBRuBloj96jvrD", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2289], "type": "search", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzQ1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Beats - Process IDs", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Beats - Process IDs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process_id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWBLN7X2RuBloj96jxxY", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "AWBLHZaBRuBloj96jvrD", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2291], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzQ2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Beats - Computer Names", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Beats - Computer Names\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"computer_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWBLNriuRuBloj96jxv3", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "AWBLHZaBRuBloj96jvrD", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2293], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzQ3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Beats - Event IDs", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Beats - Event IDs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWBLOT8MRuBloj96jx0N", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "AWBLHZaBRuBloj96jvrD", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2295], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzQ4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Beats - Usernames", "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", "version": 1, "visState": "{\"title\":\"Beats - Usernames\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWBLONJCRuBloj96jxzY", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "AWBLHZaBRuBloj96jvrD", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2297], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzQ5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Beats - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Beats - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"line\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"linear\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWBLQ2__RuBloj96jyDn", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "AWBLHZaBRuBloj96jvrD", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2299], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzUwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Beats - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Beats - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHHHR8xQT5EBNmq4z7", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "AWBLHZaBRuBloj96jvrD", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2301], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzUxLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":44,\"x\":0,\"y\":56,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"columns\":[\"computer_name\",\"process_id\",\"user.name\",\"event_id\",\"event_data.Image\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":28,\"h\":8,\"x\":20,\"y\":0,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":8,\"x\":8,\"y\":0,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]", "timeRestore": false, "title": "z16.04 - Beats", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "AWBLNS3CRuBloj96jxub", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "AWBLMr9vRuBloj96jxp1", "name": "panel_0", "type": "search"}, {"id": "AWBLNriuRuBloj96jxv3", "name": "panel_1", "type": "visualization"}, {"id": "AWBLN7X2RuBloj96jxxY", "name": "panel_2", "type": "visualization"}, {"id": "AWBLOT8MRuBloj96jx0N", "name": "panel_3", "type": "visualization"}, {"id": "AWBLONJCRuBloj96jxzY", "name": "panel_4", "type": "visualization"}, {"id": "AWBLQ2__RuBloj96jyDn", "name": "panel_5", "type": "visualization"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_6", "type": "visualization"}, {"id": "AWDHHHR8xQT5EBNmq4z7", "name": "panel_7", "type": "visualization"}], "sort": [1643385898421, 2310], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzUyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Connections - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG71xFxQT5EBNmq336", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2312], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzUzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DNS - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"DNS - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDG9Qx0xQT5EBNmq3_2", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d46522e0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2314], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzU0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SNMP - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"SNMP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHD-LfxQT5EBNmq4iB", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "b12150a0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2316], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzU1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SIP - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"SIP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHDNS4xQT5EBNmq4dF", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9e131480-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2318], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzU2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMB - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"SMB - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHDfDkxQT5EBNmq4fQ", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "19849f30-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2320], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzU3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMTP - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"SMTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHDsr0xQT5EBNmq4gw", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "a6cea530-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2322], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzU4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Bro - Syslog - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Bro - Syslog - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHE-_wxQT5EBNmq4n3", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "269ca380-76b4-11e7-8c3e-cfcdd8c95d87", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2324], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzU5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Software - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Software - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHEKJUxQT5EBNmq4jW", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "ba3d77e0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2326], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzYwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SSH - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"SSH - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHEYk4xQT5EBNmq4k5", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c33e7600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2328], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzYxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SSL - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"SSL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHElRWxQT5EBNmq4lz", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c8f21de0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2330], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzYyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Tunnels - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Tunnels - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHFYrqxQT5EBNmq4qT", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d26d5510-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2332], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzYzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Weird - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"Weird - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHGXk-xQT5EBNmq4uf", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "e32d0d50-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2334], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzY0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "X.509 - Log Count", "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}", "version": 1, "visState": "{\"title\":\"X.509 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "AWDHGklsxQT5EBNmq4wG", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f5038cc0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2336], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzY1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.category.keyword : \\\"registry\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Endgame - All Event.Cat:Registry Logs", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Endgame - All Event.Cat:Registry Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":42}}}}"}, "coreMigrationVersion": "7.16.2", "id": "a0d30200-6405-11ec-864c-8b5450f97635", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 2339], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzY2LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"505d91a5-4f8c-4350-94d6-f6ef79f78ee5": {"columnOrder": ["48488c44-5465-4f80-8fda-7f09c7fa1b71", "8912ace2-fabe-4cb8-9ee7-9fe38a018b83"], "columns": {"48488c44-5465-4f80-8fda-7f09c7fa1b71": {"dataType": "string", "isBucketed": true, "label": "Top values of host.os.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "8912ace2-fabe-4cb8-9ee7-9fe38a018b83", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 3}, "scale": "ordinal", "sourceField": "host.os.name"}, "8912ace2-fabe-4cb8-9ee7-9fe38a018b83": {"dataType": "number", "isBucketed": false, "label": "Unique count of host.name", "operationType": "unique_count", "scale": "ratio", "sourceField": "host.name"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": ""}, "visualization": {"layers": [{"categoryDisplay": "default", "groups": ["48488c44-5465-4f80-8fda-7f09c7fa1b71"], "layerId": "505d91a5-4f8c-4350-94d6-f6ef79f78ee5", "layerType": "data", "legendDisplay": "default", "metric": "8912ace2-fabe-4cb8-9ee7-9fe38a018b83", "nestedLegend": false, "numberDisplay": "percent"}], "shape": "donut"}}, "title": "Endgame - Host Operating Systems", "visualizationType": "lnsPie"}, "coreMigrationVersion": "7.16.2", "id": "a2244d00-624b-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-505d91a5-4f8c-4350-94d6-f6ef79f78ee5", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 2343], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzY3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Top 10 - Total Bytes By Connection", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Connection\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Connection ID\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"uid.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"uid.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection ID\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "f1325230-3b0d-11e7-a0fe-29878c6f414a", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2345], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzY4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Top 10 - Total Bytes By Destination Port", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Connections - Top 10 - Total Bytes By Destination Port\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination Port\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Max total_bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "acd65230-3b0d-11e7-a0fe-29878c6f414a", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2347], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzY5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Top 10 - Total Bytes By Destination IP", "uiStateJSON": "{}", "version": 1, "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"total_bytes\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Destination IP Address\",\"field\":\"destination_ip\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Destination IP Address\",\"field\":\"destination_ip\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"title\":\"Connections - Top 10 - Total Bytes By Destination IP\",\"type\":\"histogram\"}"}, "coreMigrationVersion": "7.16.2", "id": "eeafbb70-3b0c-11e7-a6f9-5d3fe735ec2b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2349], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzcwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":71,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":20,\"h\":18,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":18,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":18,\"w\":20,\"h\":20,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":38,\"w\":40,\"h\":33,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":35,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":28,\"y\":18,\"w\":20,\"h\":20,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"}]", "timeRestore": false, "title": "Connections - Total Bytes", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "f1325230-3b0d-11e7-a0fe-29878c6f414a", "name": "panel_1", "type": "visualization"}, {"id": "acd65230-3b0d-11e7-a0fe-29878c6f414a", "name": "panel_2", "type": "visualization"}, {"id": "41a33c80-3b0d-11e7-a6f9-5d3fe735ec2b", "name": "panel_3", "type": "visualization"}, {"id": "726cc040-48cf-11e8-9576-313be7c6b44b", "name": "panel_4", "type": "visualization"}, {"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "panel_5", "type": "search"}, {"id": "eeafbb70-3b0c-11e7-a6f9-5d3fe735ec2b", "name": "panel_6", "type": "visualization"}], "sort": [1643385898421, 2357], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzcxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMTP - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SMTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "a5045e20-3bd1-11e7-a3ae-1754b87179c0", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "a6cea530-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2359], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzcyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "SMB - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SMB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "a663e070-4c78-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "19849f30-3aab-11e7-8b17-0d8709b02c80", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2361], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzczLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SNMP - Log Count Over TIme", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"SNMP - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "a67546c0-3640-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "b12150a0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2363], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzc0LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"3895de20-9e00-43b5-b87f-b1c0bfa33b71": {"columnOrder": ["409d0c1c-683e-45b6-ba92-805285d63f55", "04cce9d7-67c1-4fd9-964d-f34dd053e070"], "columns": {"04cce9d7-67c1-4fd9-964d-f34dd053e070": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "409d0c1c-683e-45b6-ba92-805285d63f55": {"dataType": "date", "isBucketed": true, "label": "@timestamp", "operationType": "date_histogram", "params": {"interval": "auto"}, "scale": "interval", "sourceField": "@timestamp"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.category.keyword : \"registry\" "}, "visualization": {"axisTitlesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "fittingFunction": "None", "gridlinesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "labelsOrientation": {"x": 0, "yLeft": 0, "yRight": 0}, "layers": [{"accessors": ["04cce9d7-67c1-4fd9-964d-f34dd053e070"], "layerId": "3895de20-9e00-43b5-b87f-b1c0bfa33b71", "layerType": "data", "position": "top", "seriesType": "line", "showGridlines": false, "xAccessor": "409d0c1c-683e-45b6-ba92-805285d63f55"}], "legend": {"isVisible": true, "position": "right"}, "preferredSeriesType": "line", "tickLabelsVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "valueLabels": "hide", "yLeftExtent": {"mode": "full"}, "yRightExtent": {"mode": "full"}}}, "title": "Endgame - Event.Cat:Registry Log Count Over Time", "visualizationType": "lnsXY"}, "coreMigrationVersion": "7.16.2", "id": "e09d6340-6cc9-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-3895de20-9e00-43b5-b87f-b1c0bfa33b71", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 2367], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzc1LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"9643f560-7a46-408c-b61d-ed2a87fc6103": {"columnOrder": ["fdf33737-65bc-4b40-a118-140a43e9b7e5", "3520723b-f0f3-4845-975c-e97380d8124b"], "columns": {"3520723b-f0f3-4845-975c-e97380d8124b": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "fdf33737-65bc-4b40-a118-140a43e9b7e5": {"dataType": "string", "isBucketed": true, "label": "Top values of process.executable", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "3520723b-f0f3-4845-975c-e97380d8124b", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 10}, "scale": "ordinal", "sourceField": "process.executable"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": "event.category.keyword : \"registry\" "}, "visualization": {"axisTitlesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "fittingFunction": "None", "gridlinesVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "labelsOrientation": {"x": 0, "yLeft": 0, "yRight": 0}, "layers": [{"accessors": ["3520723b-f0f3-4845-975c-e97380d8124b"], "layerId": "9643f560-7a46-408c-b61d-ed2a87fc6103", "layerType": "data", "seriesType": "bar_horizontal", "xAccessor": "fdf33737-65bc-4b40-a118-140a43e9b7e5"}], "legend": {"isVisible": true, "position": "right"}, "preferredSeriesType": "bar_horizontal", "tickLabelsVisibilitySettings": {"x": true, "yLeft": true, "yRight": true}, "valueLabels": "hide", "yLeftExtent": {"mode": "full"}, "yRightExtent": {"mode": "full"}}}, "title": "Endgame - Registry Event process.executable", "visualizationType": "lnsXY"}, "coreMigrationVersion": "7.16.2", "id": "e9afc350-6cc5-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-9643f560-7a46-408c-b61d-ed2a87fc6103", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 2371], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzc2LDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"65529737-0abd-4698-a75c-47c2e0934cc4": {"columnOrder": ["4fb772fa-d1e1-4746-9eaf-83e1690feb92", "26daa4f5-0a68-4fae-8385-0804a8d8d42b"], "columns": {"26daa4f5-0a68-4fae-8385-0804a8d8d42b": {"customLabel": true, "dataType": "number", "isBucketed": false, "label": "Count", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "4fb772fa-d1e1-4746-9eaf-83e1690feb92": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "user.name", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "26daa4f5-0a68-4fae-8385-0804a8d8d42b", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "user.name"}}, "incompleteColumns": {}}}}}, "filters": [{"$state": {"store": "appState"}, "meta": {"alias": null, "disabled": false, "indexRefName": "filter-index-pattern-0", "key": "event.category", "negate": false, "params": {"query": "registry"}, "type": "phrase"}, "query": {"match_phrase": {"event.category": "registry"}}}], "query": {"language": "kuery", "query": ""}, "visualization": {"columns": [{"columnId": "4fb772fa-d1e1-4746-9eaf-83e1690feb92"}, {"columnId": "26daa4f5-0a68-4fae-8385-0804a8d8d42b"}], "layerId": "65529737-0abd-4698-a75c-47c2e0934cc4", "layerType": "data"}}, "title": "Endgame - Registry User Name", "visualizationType": "lnsDatatable"}, "coreMigrationVersion": "7.16.2", "id": "c86a8ba0-6e44-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-65529737-0abd-4698-a75c-47c2e0934cc4", "type": "index-pattern"}, {"id": "endgame-*", "name": "filter-index-pattern-0", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 2376], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzc3LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"}, "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"hidePanelTitles\":false}", "panelsJSON": "[{\"version\":\"7.16.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":11,\"i\":\"066310d0-63f3-4cc8-9daa-8c0be5ad5b5f\"},\"panelIndex\":\"066310d0-63f3-4cc8-9daa-8c0be5ad5b5f\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"Endgame - Navigation\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Admin](/kibana/app/dashboards#/view/6063a9e0-61b2-11ec-864c-8b5450f97635) \\n \\n**Event Category** \\n[Alert](https://PLACEHOLDER/kibana/app/dashboards#/view/0c8e61c0-67fc-11ec-864c-8b5450f97635) | \\n[File](/kibana/app/dashboards#/view/4923ad00-6349-11ec-864c-8b5450f97635) | [Network](/kibana/app/dashboards#/view/49d34770-53b2-11ec-b3ef-6bcc33056a36) | [Process](/kibana/app/dashboards#/view/790991a0-6287-11ec-864c-8b5450f97635) | [Authentication](/kibana/app/dashboards#/view/6c5aaff0-63f6-11ec-864c-8b5450f97635) | [Registry](/kibana/app/dashboards#/view/a6c6c880-63f7-11ec-864c-8b5450f97635)\\n\\n**Endgame** \\n[Endgame Alerts](https://ENDGAMEHOST/alerts/dashboard)\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"type\":\"visualization\"},\"panelRefName\":\"panel_066310d0-63f3-4cc8-9daa-8c0be5ad5b5f\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":0,\"w\":10,\"h\":11,\"i\":\"06494306-08f9-440f-a361-d63cbd6176be\"},\"panelIndex\":\"06494306-08f9-440f-a361-d63cbd6176be\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Registry All Logs \",\"panelRefName\":\"panel_06494306-08f9-440f-a361-d63cbd6176be\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":18,\"y\":0,\"w\":30,\"h\":11,\"i\":\"9461ee7e-d1fd-448b-9094-eff9e2ebdd58\"},\"panelIndex\":\"9461ee7e-d1fd-448b-9094-eff9e2ebdd58\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Registry Logs Over Time\",\"panelRefName\":\"panel_9461ee7e-d1fd-448b-9094-eff9e2ebdd58\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":11,\"w\":33,\"h\":17,\"i\":\"3265c94f-df4b-4a1d-bc7c-64c2e99e72a7\"},\"panelIndex\":\"3265c94f-df4b-4a1d-bc7c-64c2e99e72a7\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endgame - Registry Event Process\",\"panelRefName\":\"panel_3265c94f-df4b-4a1d-bc7c-64c2e99e72a7\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":33,\"y\":11,\"w\":15,\"h\":17,\"i\":\"ca05c1e6-7d21-4c69-b6be-ab95031f30f9\"},\"panelIndex\":\"ca05c1e6-7d21-4c69-b6be-ab95031f30f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ca05c1e6-7d21-4c69-b6be-ab95031f30f9\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":30,\"h\":17,\"i\":\"5b3b7aed-80c9-4e18-a55a-7ca2841913a1\"},\"panelIndex\":\"5b3b7aed-80c9-4e18-a55a-7ca2841913a1\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Endgame - Registry Events\",\"panelRefName\":\"panel_5b3b7aed-80c9-4e18-a55a-7ca2841913a1\"},{\"version\":\"7.15.2\",\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":28,\"w\":18,\"h\":17,\"i\":\"83bb52e5-74b3-459b-8767-78bc47d1ff8d\"},\"panelIndex\":\"83bb52e5-74b3-459b-8767-78bc47d1ff8d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_83bb52e5-74b3-459b-8767-78bc47d1ff8d\"},{\"version\":\"7.15.2\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":34,\"i\":\"aa14e2db-4c3d-4a44-ad58-aae071e6ed3f\"},\"panelIndex\":\"aa14e2db-4c3d-4a44-ad58-aae071e6ed3f\",\"embeddableConfig\":{\"enhancements\":{},\"columns\":[\"host.name\",\"registry.path\",\"related.user\",\"registry.key\",\"registry.value\"]},\"panelRefName\":\"panel_aa14e2db-4c3d-4a44-ad58-aae071e6ed3f\"}]", "timeRestore": false, "title": "Endgame - Registry", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "a6c6c880-63f7-11ec-864c-8b5450f97635", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "754f7380-6d82-11ec-864c-8b5450f97635", "name": "066310d0-63f3-4cc8-9daa-8c0be5ad5b5f:panel_066310d0-63f3-4cc8-9daa-8c0be5ad5b5f", "type": "visualization"}, {"id": "10af1a20-6cc9-11ec-864c-8b5450f97635", "name": "06494306-08f9-440f-a361-d63cbd6176be:panel_06494306-08f9-440f-a361-d63cbd6176be", "type": "lens"}, {"id": "e09d6340-6cc9-11ec-864c-8b5450f97635", "name": "9461ee7e-d1fd-448b-9094-eff9e2ebdd58:panel_9461ee7e-d1fd-448b-9094-eff9e2ebdd58", "type": "lens"}, {"id": "e9afc350-6cc5-11ec-864c-8b5450f97635", "name": "3265c94f-df4b-4a1d-bc7c-64c2e99e72a7:panel_3265c94f-df4b-4a1d-bc7c-64c2e99e72a7", "type": "lens"}, {"id": "c86a8ba0-6e44-11ec-864c-8b5450f97635", "name": "ca05c1e6-7d21-4c69-b6be-ab95031f30f9:panel_ca05c1e6-7d21-4c69-b6be-ab95031f30f9", "type": "lens"}, {"id": "e1e12ab0-6cc5-11ec-864c-8b5450f97635", "name": "5b3b7aed-80c9-4e18-a55a-7ca2841913a1:panel_5b3b7aed-80c9-4e18-a55a-7ca2841913a1", "type": "lens"}, {"id": "8d1f99e0-6e45-11ec-864c-8b5450f97635", "name": "83bb52e5-74b3-459b-8767-78bc47d1ff8d:panel_83bb52e5-74b3-459b-8767-78bc47d1ff8d", "type": "lens"}, {"id": "0359b740-64cc-11ec-864c-8b5450f97635", "name": "aa14e2db-4c3d-4a44-ad58-aae071e6ed3f:panel_aa14e2db-4c3d-4a44-ad58-aae071e6ed3f", "type": "search"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 2386], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzc4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Strelka - Request - Client", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Strelka - Request - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"request.client.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"request.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "a7ebb450-772c-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2388], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzc5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Data Overview", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Data Overview\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"event.category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":false,\"last_level\":false,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"url\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/dashboards#/view/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true}}"}, "coreMigrationVersion": "7.16.2", "id": "ac6b1720-7559-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2390], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzgwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"observer.name:* OR agent.name:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Log Count By Node ", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Log Count By Node \",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"observer.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"observer.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Node\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "a9fae5c0-6e9b-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2392], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzgxLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":9,\"h\":8,\"i\":\"e243c0f0-f7cf-453e-8f5c-dc93e4651d69\"},\"panelIndex\":\"e243c0f0-f7cf-453e-8f5c-dc93e4651d69\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":0,\"w\":17,\"h\":8,\"i\":\"5fdac8ff-799a-4d54-8dcb-ee1728d9623d\"},\"panelIndex\":\"5fdac8ff-799a-4d54-8dcb-ee1728d9623d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":8,\"i\":\"126f5365-8829-469d-8349-a08874975584\"},\"panelIndex\":\"126f5365-8829-469d-8349-a08874975584\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":22,\"h\":26,\"i\":\"9c61759c-0b14-433b-bca7-fd22f9a20630\"},\"panelIndex\":\"9c61759c-0b14-433b-bca7-fd22f9a20630\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":8,\"w\":9,\"h\":26,\"i\":\"504e0ba1-08f7-4601-833d-6615d84e8fba\"},\"panelIndex\":\"504e0ba1-08f7-4601-833d-6615d84e8fba\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":31,\"y\":8,\"w\":8,\"h\":26,\"i\":\"e3425787-250b-4dad-8244-4c7ba65df3d9\"},\"panelIndex\":\"e3425787-250b-4dad-8244-4c7ba65df3d9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":39,\"y\":8,\"w\":9,\"h\":26,\"i\":\"9c133f8f-ca11-4a4b-ac5a-3dfe3b87f20e\"},\"panelIndex\":\"9c133f8f-ca11-4a4b-ac5a-3dfe3b87f20e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":30,\"i\":\"3c89322f-4209-40ba-bbe7-5c5fb45420ac\"},\"panelIndex\":\"3c89322f-4209-40ba-bbe7-5c5fb45420ac\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]", "timeRestore": false, "title": "Security Onion - Home", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "a8411b30-6d03-11ea-b301-3d6c35840645", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "8cfec8c0-6ec2-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "ac6b1720-7559-11ea-9565-7315f4ee5cac", "name": "panel_3", "type": "visualization"}, {"id": "ad398b70-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_4", "type": "visualization"}, {"id": "8b065a80-6eca-11ea-9266-1fd14ca6af34", "name": "panel_5", "type": "visualization"}, {"id": "a9fae5c0-6e9b-11ea-9266-1fd14ca6af34", "name": "panel_6", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_7", "type": "search"}], "sort": [1643385898421, 2401], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzgyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DNS - Response Code Name (Donut)", "uiStateJSON": "{}", "version": 1, "visState": "{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.response.code_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.response.code_name.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"Security Onion - DNS - Response Code Name (Donut)\"}"}, "coreMigrationVersion": "7.16.2", "id": "a9bd4090-72b9-11ea-8dd2-9d8795a1200b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2403], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzgzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\n \"query\": {\n \"language\": \"kuery\",\n \"query\": \"\"\n },\n \"filter\": []\n}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Osquery - Query Results Count", "uiStateJSON": "{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"result.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Query Results\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"result.hostname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"result.live_query.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Live Query Pivot\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"result.endpoint_ip1.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Endpoint Primary IP\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Security Onion - Osquery - Query Results Count\"}"}, "coreMigrationVersion": "7.16.2", "id": "ab47a590-afcc-11ea-b262-353d451b125b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9eed5fc0-afcb-11ea-b262-353d451b125b", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2405], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzg0LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"h\":8,\"i\":\"3919aa4b-bef6-4545-a780-484bae2df9ee\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"3919aa4b-bef6-4545-a780-484bae2df9ee\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"}]", "timeRestore": false, "title": "Security Onion - Users", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "abbe1140-72c7-11ea-8dd2-9d8795a1200b", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "8cfec8c0-6ec2-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}], "sort": [1643385898421, 2407], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzg1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Dataset By Node", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Dataset By Node\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.dataset.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "abffa080-6ec9-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2409], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzg2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SIP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SIP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "f5166880-374f-11e7-b74a-f5057991ccd2", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9e131480-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2411], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzg3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SIP - Request Path", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SIP - Request Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"request_path.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Path\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "dddb4430-3752-11e7-b74a-f5057991ccd2", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9e131480-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2413], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzg4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SIP - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SIP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "dfd1dc00-6e24-11e7-a261-55504638cf3b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9e131480-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2415], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzg5LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":72,\"w\":16,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":72,\"w\":16,\"h\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":20,\"y\":8,\"w\":12,\"h\":16,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":96,\"w\":48,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":20,\"y\":48,\"w\":28,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":24,\"w\":16,\"h\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":48,\"w\":20,\"h\":24,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":16,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":120,\"w\":48,\"h\":30,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":16,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":72,\"w\":16,\"h\":24,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":24,\"w\":24,\"h\":24,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"}]", "timeRestore": false, "title": "z16.04 - Bro - SIP", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "ad3c0830-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "5393c710-3640-11e7-a6f7-4f44d7bf1c33", "name": "panel_1", "type": "visualization"}, {"id": "f5166880-374f-11e7-b74a-f5057991ccd2", "name": "panel_2", "type": "visualization"}, {"id": "04e1aea0-3750-11e7-b74a-f5057991ccd2", "name": "panel_3", "type": "visualization"}, {"id": "90bf0a80-3750-11e7-b74a-f5057991ccd2", "name": "panel_4", "type": "visualization"}, {"id": "dddb4430-3752-11e7-b74a-f5057991ccd2", "name": "panel_5", "type": "visualization"}, {"id": "5e36c370-3753-11e7-b74a-f5057991ccd2", "name": "panel_6", "type": "visualization"}, {"id": "73f663f0-3753-11e7-b74a-f5057991ccd2", "name": "panel_7", "type": "visualization"}, {"id": "930b1600-3753-11e7-b74a-f5057991ccd2", "name": "panel_8", "type": "visualization"}, {"id": "2db47070-3754-11e7-b74a-f5057991ccd2", "name": "panel_9", "type": "visualization"}, {"id": "9e131480-342e-11e7-9e93-53b62e1857b2", "name": "panel_10", "type": "search"}, {"id": "1ef5c230-6e24-11e7-a261-55504638cf3b", "name": "panel_11", "type": "visualization"}, {"id": "dfd1dc00-6e24-11e7-a261-55504638cf3b", "name": "panel_12", "type": "visualization"}, {"id": "AWDHDNS4xQT5EBNmq4dF", "name": "panel_13", "type": "visualization"}, {"id": "0291dba0-4c78-11e8-9b0a-f1d33346f773", "name": "panel_14", "type": "visualization"}], "sort": [1643385898421, 2431], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzkwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.module:zeek AND event.dataset:file\",\"language\":\"kuery\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":7,\"i\":\"257c130f-3673-410c-9f60-d67deb13b580\"},\"panelIndex\":\"257c130f-3673-410c-9f60-d67deb13b580\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":7,\"i\":\"de6206b4-7adb-44a0-ae00-2d28274478c8\"},\"panelIndex\":\"de6206b4-7adb-44a0-ae00-2d28274478c8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":7,\"i\":\"93532ba0-f446-4a97-8783-a04dd4347485\"},\"panelIndex\":\"93532ba0-f446-4a97-8783-a04dd4347485\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":7,\"w\":8,\"h\":19,\"i\":\"a2af856c-7069-46b2-974c-e8b9054af929\"},\"panelIndex\":\"a2af856c-7069-46b2-974c-e8b9054af929\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":7,\"w\":9,\"h\":19,\"i\":\"4a3de026-5001-46a6-af20-78db885bd4bb\"},\"panelIndex\":\"4a3de026-5001-46a6-af20-78db885bd4bb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":17,\"y\":7,\"w\":17,\"h\":19,\"i\":\"74071657-abfc-49e7-a0c3-e318b72a9d4c\"},\"panelIndex\":\"74071657-abfc-49e7-a0c3-e318b72a9d4c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":34,\"y\":7,\"w\":14,\"h\":19,\"i\":\"2379029c-c749-4804-91df-3d9be3fc4f8a\"},\"panelIndex\":\"2379029c-c749-4804-91df-3d9be3fc4f8a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":26,\"w\":21,\"h\":19,\"i\":\"0e36a0b5-5905-43c6-8ae1-f3eb348571a0\"},\"panelIndex\":\"0e36a0b5-5905-43c6-8ae1-f3eb348571a0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":21,\"y\":26,\"w\":8,\"h\":19,\"i\":\"99813eab-a19b-47d2-a8ee-8bcb667eedbf\"},\"panelIndex\":\"99813eab-a19b-47d2-a8ee-8bcb667eedbf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":26,\"w\":10,\"h\":19,\"i\":\"18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2\"},\"panelIndex\":\"18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":39,\"y\":26,\"w\":9,\"h\":19,\"i\":\"c51df9f8-9010-4cae-9c7c-76ca7af98f13\"},\"panelIndex\":\"c51df9f8-9010-4cae-9c7c-76ca7af98f13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":24,\"i\":\"226350dd-3afe-4135-a8da-71db63287a95\"},\"panelIndex\":\"226350dd-3afe-4135-a8da-71db63287a95\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]", "timeRestore": false, "title": "Security Onion - Zeek Files", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "ad4d5d60-75f4-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "8cfec8c0-6ec2-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "bcf25e30-75f1-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "e8d35c50-75f3-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "09fc6ef0-7732-11ea-bee5-af7f7c7b8e05", "name": "panel_7", "type": "visualization"}, {"id": "2fc4bea0-7730-11ea-bee5-af7f7c7b8e05", "name": "panel_8", "type": "visualization"}, {"id": "49cfe850-772c-11ea-bee5-af7f7c7b8e05", "name": "panel_9", "type": "visualization"}, {"id": "efc25540-75f1-11ea-9565-7315f4ee5cac", "name": "panel_10", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_11", "type": "search"}], "sort": [1643385898421, 2444], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzkxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Bro - Syslog - Destination IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Bro - Syslog - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "ae4e88b0-76b5-11e7-94e1-3d2ec4e57ed9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "269ca380-76b4-11e7-8c3e-cfcdd8c95d87", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2446], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzkyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "SSL - Destination Country (Bar Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"SSL - Destination Country (Bar Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"destination_geo.country_name.keyword: Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "ae959820-365c-11e7-8bd0-1db2c55fb7a1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c8f21de0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2448], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0MzkzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMTP - TLS - True/False (Vertical Bar Chart)", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"SMTP - TLS - True/False (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"TLS\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "aeb71cc0-6e29-11e7-8b76-75eee0095daa", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "a6cea530-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2450], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzk0LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Initial Systems/Queries\",\"disabled\":true,\"key\":\"osquery.counter\",\"negate\":true,\"params\":{\"query\":0,\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"0\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"osquery.counter\":{\"query\":0,\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Servers Only\",\"disabled\":true,\"key\":\"osquery.codename\",\"negate\":false,\"params\":{\"query\":\"server\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"server\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"osquery.codename\":{\"query\":\"server\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":64,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":11,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":29,\"w\":40,\"h\":20,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Chrome Extensions - Logs\",\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":8,\"y\":11,\"w\":40,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Chrome Extensions - Sensitive Permissions\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":11,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Chrome Extensions - Changes by Hostname\",\"panelRefName\":\"panel_4\"}]", "timeRestore": false, "title": "osquery - Chrome Extensions", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "af0ea750-18d3-11e9-932c-d12d2cf4ee95", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern"}, {"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "71538370-18d5-11e9-932c-d12d2cf4ee95", "name": "panel_1", "type": "visualization"}, {"id": "0eee4360-18d4-11e9-932c-d12d2cf4ee95", "name": "panel_2", "type": "search"}, {"id": "78cf8bf0-1a59-11e9-ac0b-cb0ba10141ab", "name": "panel_3", "type": "visualization"}, {"id": "04f86530-1a59-11e9-ac0b-cb0ba10141ab", "name": "panel_4", "type": "visualization"}], "sort": [1643385898421, 2458], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzk1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Osquery - Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Osquery - Name\"}"}, "coreMigrationVersion": "7.16.2", "id": "af139720-afcb-11ea-b262-353d451b125b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "5c3effd0-72ae-11ea-8dd2-9d8795a1200b", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2460], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzk2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DHCP - Message Type (Donut)", "uiStateJSON": "{}", "version": 1, "visState": "{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dhcp.message_types.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message Type\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"Security Onion - DHCP - Message Type (Donut)\"}"}, "coreMigrationVersion": "7.16.2", "id": "af26c6e0-96e6-11ea-814e-bb515e873c2c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2462], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzk3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMTP - Subject", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SMTP - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"SMTP\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "c47e2a10-39a1-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "a6cea530-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2464], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzk4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "SMTP - Destination Country (Donut Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"SMTP - Destination Country (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "dfe23030-39a1-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "a6cea530-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2466], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0Mzk5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMTP - TLS (Pie Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"SMTP - TLS (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "c3bb32c0-39a2-11e7-8472-0151e5b2b475", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "a6cea530-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2468], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDAwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMTP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SMTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "f18a0480-3bd0-11e7-9c09-4f161b0766dd", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "a6cea530-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2470], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDAxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMTP - User Agent", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"useragent.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "d776e510-6e28-11e7-8b76-75eee0095daa", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "a6cea530-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2472], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDAyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SMTP - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SMTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "d5aa6d00-6e29-11e7-8b76-75eee0095daa", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "a6cea530-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2474], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDAzLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":80,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":80,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":16,\"y\":56,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":104,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":20,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":20,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":56,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"}]", "timeRestore": false, "title": "z16.04 - Bro - SMTP", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "b10a9c60-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "7c922990-3640-11e7-a6f7-4f44d7bf1c33", "name": "panel_1", "type": "visualization"}, {"id": "c47e2a10-39a1-11e7-8472-0151e5b2b475", "name": "panel_2", "type": "visualization"}, {"id": "dfe23030-39a1-11e7-8472-0151e5b2b475", "name": "panel_3", "type": "visualization"}, {"id": "73b1b240-39a2-11e7-8472-0151e5b2b475", "name": "panel_4", "type": "visualization"}, {"id": "96767400-39a2-11e7-8472-0151e5b2b475", "name": "panel_5", "type": "visualization"}, {"id": "c3bb32c0-39a2-11e7-8472-0151e5b2b475", "name": "panel_6", "type": "visualization"}, {"id": "f18a0480-3bd0-11e7-9c09-4f161b0766dd", "name": "panel_7", "type": "visualization"}, {"id": "a5045e20-3bd1-11e7-a3ae-1754b87179c0", "name": "panel_8", "type": "visualization"}, {"id": "a6cea530-342e-11e7-9e93-53b62e1857b2", "name": "panel_9", "type": "search"}, {"id": "d776e510-6e28-11e7-8b76-75eee0095daa", "name": "panel_10", "type": "visualization"}, {"id": "53beb0d0-6e29-11e7-8b76-75eee0095daa", "name": "panel_11", "type": "visualization"}, {"id": "aeb71cc0-6e29-11e7-8b76-75eee0095daa", "name": "panel_12", "type": "visualization"}, {"id": "d5aa6d00-6e29-11e7-8b76-75eee0095daa", "name": "panel_13", "type": "visualization"}, {"id": "AWDHDsr0xQT5EBNmq4gw", "name": "panel_14", "type": "visualization"}], "sort": [1643385898421, 2490], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDA0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DNP3 - IIN", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - DNP3 - IIN\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dnp3.iin: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dnp3.iin\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IIN\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "f991b6d0-75b8-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2492], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDA1LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:dnp3\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\"},\"panelIndex\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":15,\"h\":8,\"i\":\"1b99097d-a957-4163-9810-263a0e653c18\"},\"panelIndex\":\"1b99097d-a957-4163-9810-263a0e653c18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":8,\"i\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\"},\"panelIndex\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":19,\"i\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\"},\"panelIndex\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":19,\"i\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\"},\"panelIndex\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":8,\"w\":12,\"h\":19,\"i\":\"a9916c8f-c82b-413d-8561-64ce0d68d3b8\"},\"panelIndex\":\"a9916c8f-c82b-413d-8561-64ce0d68d3b8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"04426d00-3313-40eb-a0c9-2541a7ea99f3\"},\"panelIndex\":\"04426d00-3313-40eb-a0c9-2541a7ea99f3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":28,\"i\":\"f36f0fec-ab1e-4aea-84ea-4cf0fedcfffc\"},\"panelIndex\":\"f36f0fec-ab1e-4aea-84ea-4cf0fedcfffc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]", "timeRestore": false, "title": "Security Onion - DNP3", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "b1f52180-755a-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "f991b6d0-75b8-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "214793c0-75b9-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_7", "type": "search"}], "sort": [1643385898421, 2501], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDA2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - RFB - Authentication Method", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - RFB - Authentication Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.authentication.method.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.authentication.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "b2053990-75c7-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2503], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDA3LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:kerberos\",\"language\":\"kuery\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9\"},\"panelIndex\":\"caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":14,\"y\":0,\"w\":15,\"h\":9,\"i\":\"e0e4a50d-887b-472b-a790-302966fb6f49\"},\"panelIndex\":\"e0e4a50d-887b-472b-a790-302966fb6f49\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":9,\"i\":\"5cca2c4b-7299-4122-a3d5-3637ef23dc5d\"},\"panelIndex\":\"5cca2c4b-7299-4122-a3d5-3637ef23dc5d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":19,\"i\":\"aa944a94-288e-490f-9e04-f5b3bc2cf19f\"},\"panelIndex\":\"aa944a94-288e-490f-9e04-f5b3bc2cf19f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":10,\"y\":9,\"w\":10,\"h\":19,\"i\":\"ebc359a7-3dce-4e7d-bd70-355cc8099437\"},\"panelIndex\":\"ebc359a7-3dce-4e7d-bd70-355cc8099437\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":20,\"y\":9,\"w\":11,\"h\":19,\"i\":\"251dacac-b4c5-481a-9e41-8173e9bc27ab\"},\"panelIndex\":\"251dacac-b4c5-481a-9e41-8173e9bc27ab\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":31,\"y\":9,\"w\":7,\"h\":19,\"i\":\"1a78a61c-7b0a-425f-ade8-bcbb302a2585\"},\"panelIndex\":\"1a78a61c-7b0a-425f-ade8-bcbb302a2585\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":38,\"y\":9,\"w\":10,\"h\":19,\"i\":\"eba2e210-8b36-41a7-8ac5-7d63cfc022e1\"},\"panelIndex\":\"eba2e210-8b36-41a7-8ac5-7d63cfc022e1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":29,\"i\":\"13a216e9-1e56-4069-a61a-238ff604a18b\"},\"panelIndex\":\"13a216e9-1e56-4069-a61a-238ff604a18b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "Security Onion - Kerberos", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "b207ab90-75bc-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "c879ad60-72a1-11ea-8dd2-9d8795a1200b", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "0ecc7310-75bd-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "2d73e460-75bd-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "48331f00-75bd-11ea-9565-7315f4ee5cac", "name": "panel_7", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_8", "type": "search"}], "sort": [1643385898421, 2513], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDA4LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":104,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":32,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]", "timeRestore": false, "title": "z16.04 - Bro - SMB", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "b3a53710-3aaa-11e7-8b17-0d8709b02c80", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "19849f30-3aab-11e7-8b17-0d8709b02c80", "name": "panel_0", "type": "search"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_1", "type": "visualization"}, {"id": "85e40a70-3aac-11e7-8b17-0d8709b02c80", "name": "panel_2", "type": "visualization"}, {"id": "15b4e7a0-3aad-11e7-8b17-0d8709b02c80", "name": "panel_3", "type": "visualization"}, {"id": "31f5e040-3aad-11e7-8b17-0d8709b02c80", "name": "panel_4", "type": "visualization"}, {"id": "6f883480-3aad-11e7-8b17-0d8709b02c80", "name": "panel_5", "type": "visualization"}, {"id": "60384e00-3aaf-11e7-a83b-b1b4da7d15f4", "name": "panel_6", "type": "visualization"}, {"id": "72f0f010-3aaf-11e7-a83b-b1b4da7d15f4", "name": "panel_7", "type": "visualization"}, {"id": "306c4330-4175-11e7-a0f7-47f4c03e3306", "name": "panel_8", "type": "visualization"}, {"id": "AWDHDfDkxQT5EBNmq4fQ", "name": "panel_9", "type": "visualization"}, {"id": "a663e070-4c78-11e8-9b0a-f1d33346f773", "name": "panel_10", "type": "visualization"}], "sort": [1643385898421, 2525], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDA5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Responder Bytes", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"respond_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder Bytes\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "b50912f0-366f-11e7-8c78-e3086faf385c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2527], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDEwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Tunnels - Type", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Tunnels - Type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tunnel.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "b6120810-75ef-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2529], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDExLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Connections - Source - Responder Bytes ( Tile Map)", "uiStateJSON": "{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}", "version": 1, "visState": "{\"title\":\"Connections - Source - Responder Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"respond_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "f3bc9fa0-46cb-11e7-946f-1bfb1be7c36b", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2531], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDEyLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[24.84656534821976,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]", "timeRestore": false, "title": "Connections - Source - Responder Bytes", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "b65775e0-46cb-11e7-946f-1bfb1be7c36b", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "f3bc9fa0-46cb-11e7-946f-1bfb1be7c36b", "name": "panel_1", "type": "visualization"}], "sort": [1643385898421, 2534], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDEzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SNMP - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SNMP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "e8511600-36b8-11e7-9786-41a1d72e15ad", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "b12150a0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2536], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDE0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SNMP - Session Duration", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SNMP - Session Duration\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"duration\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Duration\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "e47015d0-36b9-11e7-9786-41a1d72e15ad", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "b12150a0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2538], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDE1LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":24,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":32,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]", "timeRestore": false, "title": "z16.04 - Bro - SNMP", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "b65c2710-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "a67546c0-3640-11e7-a6f7-4f44d7bf1c33", "name": "panel_1", "type": "visualization"}, {"id": "e8511600-36b8-11e7-9786-41a1d72e15ad", "name": "panel_2", "type": "visualization"}, {"id": "0defabb0-36b9-11e7-9786-41a1d72e15ad", "name": "panel_3", "type": "visualization"}, {"id": "e47015d0-36b9-11e7-9786-41a1d72e15ad", "name": "panel_4", "type": "visualization"}, {"id": "2a3ae810-36ba-11e7-9786-41a1d72e15ad", "name": "panel_5", "type": "visualization"}, {"id": "b12150a0-342e-11e7-9e93-53b62e1857b2", "name": "panel_6", "type": "search"}, {"id": "7dc62970-6e2a-11e7-8b76-75eee0095daa", "name": "panel_7", "type": "visualization"}, {"id": "AWDHD-LfxQT5EBNmq4iB", "name": "panel_8", "type": "visualization"}, {"id": "83a91450-4c79-11e8-9b0a-f1d33346f773", "name": "panel_9", "type": "visualization"}], "sort": [1643385898421, 2549], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDE2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SSL - Validation Status", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - SSL - Validation Status\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.validation_status.keyword: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssl.validation_status.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "b8371250-75ec-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2551], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDE3LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:radius\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"005ac000-9db8-4310-97d5-4574cdaf0e49\"},\"panelIndex\":\"005ac000-9db8-4310-97d5-4574cdaf0e49\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":9,\"i\":\"a65d1358-9fa9-4457-8a46-5790a748d1fa\"},\"panelIndex\":\"a65d1358-9fa9-4457-8a46-5790a748d1fa\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"d38d991e-53e4-4b71-8e3f-c0d4b0d454da\"},\"panelIndex\":\"d38d991e-53e4-4b71-8e3f-c0d4b0d454da\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":19,\"i\":\"9304c1a2-e55f-4f51-bd04-d15892b754a4\"},\"panelIndex\":\"9304c1a2-e55f-4f51-bd04-d15892b754a4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":19,\"i\":\"7075ea4f-e935-470c-9329-9a0b15202385\"},\"panelIndex\":\"7075ea4f-e935-470c-9329-9a0b15202385\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":19,\"i\":\"91a90e9d-71f7-484c-a561-6aef6a3b8f09\"},\"panelIndex\":\"91a90e9d-71f7-484c-a561-6aef6a3b8f09\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":9,\"w\":9,\"h\":19,\"i\":\"9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd\"},\"panelIndex\":\"9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":19,\"i\":\"766f8f9b-3f31-47d8-9734-442fc1fcff84\"},\"panelIndex\":\"766f8f9b-3f31-47d8-9734-442fc1fcff84\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":29,\"i\":\"49fd1168-f7ab-4759-a92c-f2699389678e\"},\"panelIndex\":\"49fd1168-f7ab-4759-a92c-f2699389678e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "Security Onion - RADIUS", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "b9769e60-75c4-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "767c89f0-af4c-11ea-b262-353d451b125b", "name": "panel_5", "type": "visualization"}, {"id": "0ca071b0-75c5-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "27ab8260-75c5-11ea-9565-7315f4ee5cac", "name": "panel_7", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_8", "type": "search"}], "sort": [1643385898421, 2561], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDE4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Connections - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "bc7fbe00-4a44-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2563], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDE5LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.module:osquery\",\"language\":\"kuery\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"7f9eaa30-b358-4027-a312-249defe273c4\"},\"panelIndex\":\"7f9eaa30-b358-4027-a312-249defe273c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":7,\"i\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\"},\"panelIndex\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":7,\"i\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\"},\"panelIndex\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":7,\"w\":48,\"h\":16,\"i\":\"fae63e28-6a3c-4641-94fd-e5b033ac55b9\"},\"panelIndex\":\"fae63e28-6a3c-4641-94fd-e5b033ac55b9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":23,\"w\":48,\"h\":31,\"i\":\"91e35690-24ec-4a13-b791-6146c05a2285\"},\"panelIndex\":\"91e35690-24ec-4a13-b791-6146c05a2285\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"}]", "timeRestore": false, "title": "Security Onion - Osquery", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "bf7cf8d0-7732-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "df50eba0-6ec0-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "ab47a590-afcc-11ea-b262-353d451b125b", "name": "panel_3", "type": "visualization"}, {"id": "a866be10-0e45-11eb-a255-e1e8e85e3571", "name": "panel_4", "type": "search"}], "sort": [1643385898421, 2569], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDIwLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Software - Log Count Over Time", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Software - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "da4cc2c0-3640-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "ba3d77e0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2571], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDIxLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":40,\"x\":0,\"y\":44,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"name\",\"software_type\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":36,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"}]", "timeRestore": false, "title": "z16.04 - Bro - Software", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "c2c99c30-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "da4cc2c0-3640-11e7-a6f7-4f44d7bf1c33", "name": "panel_1", "type": "visualization"}, {"id": "ba3d77e0-342e-11e7-9e93-53b62e1857b2", "name": "panel_2", "type": "search"}, {"id": "AWDHEKJUxQT5EBNmq4jW", "name": "panel_3", "type": "visualization"}, {"id": "9b0f6a80-4c7a-11e8-9b0a-f1d33346f773", "name": "panel_4", "type": "visualization"}], "sort": [1643385898421, 2577], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDIyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "Connections - Protocol (Bar Chart)", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"Connections - Protocol (Bar Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Protocol\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"protocol.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "c3152010-3673-11e7-8c78-e3086faf385c", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2579], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDIzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - MySQL - Success", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - MySQL - Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "ec40c5e0-75c0-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2581], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDI0LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event.dataset:mysql\",\"language\":\"kuery\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"b08e3120-b482-4817-b3e9-f521f5acd8f2\"},\"panelIndex\":\"b08e3120-b482-4817-b3e9-f521f5acd8f2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":9,\"i\":\"e23b2681-5eae-4de6-8933-ba755508ec5b\"},\"panelIndex\":\"e23b2681-5eae-4de6-8933-ba755508ec5b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":9,\"i\":\"53e06ed2-d64f-46dc-b864-5b884a8c53dc\"},\"panelIndex\":\"53e06ed2-d64f-46dc-b864-5b884a8c53dc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":18,\"i\":\"2bfa498b-d0a8-48ee-9a47-bcf288127d2a\"},\"panelIndex\":\"2bfa498b-d0a8-48ee-9a47-bcf288127d2a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":18,\"i\":\"e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189\"},\"panelIndex\":\"e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":9,\"w\":15,\"h\":18,\"i\":\"e2f6f286-c4ba-4642-b650-366aca2c3d2d\"},\"panelIndex\":\"e2f6f286-c4ba-4642-b650-366aca2c3d2d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":18,\"i\":\"f84a5dbd-d99c-4c24-895f-18f1d419af93\"},\"panelIndex\":\"f84a5dbd-d99c-4c24-895f-18f1d419af93\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":16,\"i\":\"3b2e66eb-aa46-4363-b8ad-efd564b95279\"},\"panelIndex\":\"3b2e66eb-aa46-4363-b8ad-efd564b95279\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":43,\"w\":48,\"h\":29,\"i\":\"fb7962e7-1108-429e-a623-8ece03931e4a\"},\"panelIndex\":\"fb7962e7-1108-429e-a623-8ece03931e4a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "Security Onion - MySQL", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "c3ced6d0-75be-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "ec40c5e0-75c0-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "1f306f60-75c0-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "3af496e0-75c0-11ea-9565-7315f4ee5cac", "name": "panel_7", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_8", "type": "search"}], "sort": [1643385898421, 2591], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDI1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Bro - Syslog - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Bro - Syslog - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "ca9ffc10-76b5-11e7-94e1-3d2ec4e57ed9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "269ca380-76b4-11e7-8c3e-cfcdd8c95d87", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2593], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDI2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Bro - Syslog - Protocol", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Bro - Syslog - Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"protocol.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "e9d5ae30-76b6-11e7-94e1-3d2ec4e57ed9", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "269ca380-76b4-11e7-8c3e-cfcdd8c95d87", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2595], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDI3LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":8,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":28,\"h\":24,\"x\":8,\"y\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "z16.04 - Bro - Syslog", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "c4bbe040-76b3-11e7-ba96-cba76a1e264d", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "92b202e0-76b4-11e7-94e1-3d2ec4e57ed9", "name": "panel_1", "type": "visualization"}, {"id": "269ca380-76b4-11e7-8c3e-cfcdd8c95d87", "name": "panel_2", "type": "search"}, {"id": "6c60a280-76b5-11e7-94e1-3d2ec4e57ed9", "name": "panel_3", "type": "visualization"}, {"id": "ae4e88b0-76b5-11e7-94e1-3d2ec4e57ed9", "name": "panel_4", "type": "visualization"}, {"id": "ca9ffc10-76b5-11e7-94e1-3d2ec4e57ed9", "name": "panel_5", "type": "visualization"}, {"id": "e9d5ae30-76b6-11e7-94e1-3d2ec4e57ed9", "name": "panel_6", "type": "visualization"}, {"id": "346e5c30-76b7-11e7-94e1-3d2ec4e57ed9", "name": "panel_7", "type": "visualization"}, {"id": "AWDHE-_wxQT5EBNmq4n3", "name": "panel_8", "type": "visualization"}], "sort": [1643385898421, 2605], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDI4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SSH - Authentication Success", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"SSH - Authentication Success\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Authentication Success\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"authentication_success.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Success\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "dcea2790-6e33-11e7-9a19-a5996f8250c6", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c33e7600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2607], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDI5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "SSH -Server", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SSH -Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "e64833a0-4c7b-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c33e7600-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2609], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDMwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":28,\"h\":24,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]", "timeRestore": false, "title": "z16.04 - Bro - SSH", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "c6ccfc00-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "09457310-3641-11e7-a6f7-4f44d7bf1c33", "name": "panel_1", "type": "visualization"}, {"id": "8a60eb50-365f-11e7-8c78-e3086faf385c", "name": "panel_2", "type": "visualization"}, {"id": "9a33f9a0-365f-11e7-8c78-e3086faf385c", "name": "panel_3", "type": "visualization"}, {"id": "c33e7600-342e-11e7-9e93-53b62e1857b2", "name": "panel_4", "type": "search"}, {"id": "54d78f50-6e33-11e7-9a19-a5996f8250c6", "name": "panel_5", "type": "visualization"}, {"id": "dcea2790-6e33-11e7-9a19-a5996f8250c6", "name": "panel_6", "type": "visualization"}, {"id": "2bbdc020-6e34-11e7-9a19-a5996f8250c6", "name": "panel_7", "type": "visualization"}, {"id": "AWDHEYk4xQT5EBNmq4k5", "name": "panel_8", "type": "visualization"}, {"id": "e64833a0-4c7b-11e8-9b0a-f1d33346f773", "name": "panel_9", "type": "visualization"}], "sort": [1643385898421, 2620], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDMxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - HTTP - Count", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - HTTP - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"}, "coreMigrationVersion": "7.16.2", "id": "c7484350-6eb1-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9ee33aa0-6eb1-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2622], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDMyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Zeek - Notice Message", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Zeek - Notice Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"notice.message.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"notice.message.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "c8039090-7a84-11ea-9d13-57f5db13d1ed", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2624], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDMzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - RFB - Share Flag", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - RFB - Share Flag\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"rfb.share_flag\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "d5e72b20-75c7-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2626], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDM0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - RFB - Desktop Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.desktop.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.desktop.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Desktop Name\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "fe62c910-75c7-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2628], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDM1LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:rfb\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"f64f888f-f9bb-4be1-ab75-80d2a11303ed\"},\"panelIndex\":\"f64f888f-f9bb-4be1-ab75-80d2a11303ed\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"0e12fa96-b29d-4815-ae19-b6e894948597\"},\"panelIndex\":\"0e12fa96-b29d-4815-ae19-b6e894948597\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2\"},\"panelIndex\":\"7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"c1bb39f4-4d9f-4154-a131-65e727fc0049\"},\"panelIndex\":\"c1bb39f4-4d9f-4154-a131-65e727fc0049\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"e51c88d1-a11a-4d5f-b5a7-f6ac79b23054\"},\"panelIndex\":\"e51c88d1-a11a-4d5f-b5a7-f6ac79b23054\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":8,\"w\":14,\"h\":19,\"i\":\"b9412112-bc5a-4b16-ba5e-ded11a0e299d\"},\"panelIndex\":\"b9412112-bc5a-4b16-ba5e-ded11a0e299d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":19,\"i\":\"edfbec77-b174-40ac-9f11-776da22fe82d\"},\"panelIndex\":\"edfbec77-b174-40ac-9f11-776da22fe82d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":24,\"h\":15,\"i\":\"d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf\"},\"panelIndex\":\"d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":27,\"w\":12,\"h\":15,\"i\":\"aedad86f-ec5e-4330-bab0-468351eb8355\"},\"panelIndex\":\"aedad86f-ec5e-4330-bab0-468351eb8355\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":15,\"i\":\"8092b313-2e40-47e4-96a2-51086f98e53f\"},\"panelIndex\":\"8092b313-2e40-47e4-96a2-51086f98e53f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":42,\"w\":48,\"h\":29,\"i\":\"630311aa-6915-4543-a10a-2677f3c2f96a\"},\"panelIndex\":\"630311aa-6915-4543-a10a-2677f3c2f96a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]", "timeRestore": false, "title": "Security Onion - RFB", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "c8b3c360-75c6-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "b2053990-75c7-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "d5e72b20-75c7-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "fe62c910-75c7-11ea-9565-7315f4ee5cac", "name": "panel_7", "type": "visualization"}, {"id": "5dcf09e0-75c8-11ea-9565-7315f4ee5cac", "name": "panel_8", "type": "visualization"}, {"id": "316e90a0-75c8-11ea-9565-7315f4ee5cac", "name": "panel_9", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_10", "type": "search"}], "sort": [1643385898421, 2640], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDM2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Connection Count", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Connection Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"}, "coreMigrationVersion": "7.16.2", "id": "c94e2aa0-6e9f-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9b333020-6e9f-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2642], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDM3LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:tunnel\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"19aef080-5875-4182-81a8-2a6639c75489\"},\"panelIndex\":\"19aef080-5875-4182-81a8-2a6639c75489\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"70939be7-5bb9-4d13-ab89-683b3eda7a98\"},\"panelIndex\":\"70939be7-5bb9-4d13-ab89-683b3eda7a98\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"21848a06-ca96-4869-b069-7524caf3ae06\"},\"panelIndex\":\"21848a06-ca96-4869-b069-7524caf3ae06\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":10,\"h\":19,\"i\":\"8020a914-8f9f-4bd6-be32-1c6afa27f9e4\"},\"panelIndex\":\"8020a914-8f9f-4bd6-be32-1c6afa27f9e4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":10,\"y\":8,\"w\":10,\"h\":19,\"i\":\"9f72f316-c3a2-4658-8d03-932fa590e216\"},\"panelIndex\":\"9f72f316-c3a2-4658-8d03-932fa590e216\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":20,\"y\":8,\"w\":9,\"h\":19,\"i\":\"fa1bc43a-2be3-4699-97af-677bded82273\"},\"panelIndex\":\"fa1bc43a-2be3-4699-97af-677bded82273\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":8,\"w\":19,\"h\":19,\"i\":\"7c522eab-36bc-4933-abea-29a4c4a4f918\"},\"panelIndex\":\"7c522eab-36bc-4933-abea-29a4c4a4f918\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":29,\"i\":\"b7799f8a-60c5-4629-9acd-9bbe7ebbac2a\"},\"panelIndex\":\"b7799f8a-60c5-4629-9acd-9bbe7ebbac2a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"}]", "timeRestore": false, "title": "Security Onion - Tunnels", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "c962dd60-75ed-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_5", "type": "visualization"}, {"id": "b6120810-75ef-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_7", "type": "search"}], "sort": [1643385898421, 2651], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDM4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Weird - Summary", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}", "version": 1, "visState": "{\"title\":\"Weird - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "ca3e57d0-4172-11e7-9850-b78558d0ac17", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "e32d0d50-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2653], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDM5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - DNP3 - FC Reply", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - DNP3 - FC Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dnp3.fc_reply.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dnp3.fc_reply.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"FC Reply\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "cb29fbe0-75b8-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2655], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDQwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}"}, "optionsJSON": "{\"darkTheme\":true}", "panelsJSON": "[{\"version\":\"7.3.0\",\"gridData\":{\"x\":12,\"y\":20,\"w\":24,\"h\":20,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":12,\"y\":0,\"w\":24,\"h\":20,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":40,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":40,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_3\"}]", "timeRestore": false, "title": "Connections - Top Source IPs", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "cb367060-3b04-11e7-a83b-b1b4da7d15f4", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "8261cf00-366e-11e7-8c78-e3086faf385c", "name": "panel_0", "type": "visualization"}, {"id": "28c27f80-3b05-11e7-a83b-b1b4da7d15f4", "name": "panel_1", "type": "visualization"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_2", "type": "visualization"}, {"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "panel_3", "type": "search"}], "sort": [1643385898421, 2660], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDQxLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"851cf638-4ae4-45ad-b7ad-e97c0926b6a3": {"columnOrder": ["558ae3ab-245f-4076-9b88-155e26219823", "01fd47d1-6f20-44f0-afb6-2850548061f8"], "columns": {"01fd47d1-6f20-44f0-afb6-2850548061f8": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "558ae3ab-245f-4076-9b88-155e26219823": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "Endgame - Event Actions", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "01fd47d1-6f20-44f0-afb6-2850548061f8", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "event.action"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": ""}, "visualization": {"layers": [{"categoryDisplay": "default", "groups": ["558ae3ab-245f-4076-9b88-155e26219823"], "layerId": "851cf638-4ae4-45ad-b7ad-e97c0926b6a3", "layerType": "data", "legendDisplay": "show", "metric": "01fd47d1-6f20-44f0-afb6-2850548061f8", "nestedLegend": false, "numberDisplay": "percent"}], "shape": "pie"}}, "title": "Endgame - Event Actions Graph", "visualizationType": "lnsPie"}, "coreMigrationVersion": "7.16.2", "id": "cb421a30-6252-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-851cf638-4ae4-45ad-b7ad-e97c0926b6a3", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 2664], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDQyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SSL - Source IP Address", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SSL - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "db570800-365a-11e7-8bd0-1db2c55fb7a1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c8f21de0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2666], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDQzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "SSL - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "f0700840-365a-11e7-8bd0-1db2c55fb7a1", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c8f21de0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2668], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDQ0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "SSL - Summary", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"SSL - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"validation_status.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS Version\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "ebec2ea0-4c7c-11e8-9b0a-f1d33346f773", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "c8f21de0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2670], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDQ1LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":104,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":104,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":24,\"x\":16,\"y\":104,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":8,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":72,\"x\":0,\"y\":128,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":32,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_12\"}]", "timeRestore": false, "title": "z16.04 - Bro - SSL", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "cca67b60-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "6139edd0-3641-11e7-a6f7-4f44d7bf1c33", "name": "panel_1", "type": "visualization"}, {"id": "3753e110-365a-11e7-bf60-314364dd1cde", "name": "panel_2", "type": "visualization"}, {"id": "02699580-365a-11e7-bf60-314364dd1cde", "name": "panel_3", "type": "visualization"}, {"id": "db570800-365a-11e7-8bd0-1db2c55fb7a1", "name": "panel_4", "type": "visualization"}, {"id": "f0700840-365a-11e7-8bd0-1db2c55fb7a1", "name": "panel_5", "type": "visualization"}, {"id": "21d090d0-365b-11e7-8bd0-1db2c55fb7a1", "name": "panel_6", "type": "visualization"}, {"id": "53ac63e0-365b-11e7-8bd0-1db2c55fb7a1", "name": "panel_7", "type": "visualization"}, {"id": "ae959820-365c-11e7-8bd0-1db2c55fb7a1", "name": "panel_8", "type": "visualization"}, {"id": "c8f21de0-342e-11e7-9e93-53b62e1857b2", "name": "panel_9", "type": "search"}, {"id": "23d22bd0-70b4-11e7-810e-2bafe9e41c10", "name": "panel_10", "type": "visualization"}, {"id": "AWDHElRWxQT5EBNmq4lz", "name": "panel_11", "type": "visualization"}, {"id": "ebec2ea0-4c7c-11e8-9b0a-f1d33346f773", "name": "panel_12", "type": "visualization"}], "sort": [1643385898421, 2684], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDQ2LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":[24.846565348219734,0.087890625],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]", "timeRestore": false, "title": "Connections - Destination - Sum of Total Bytes", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "ccfcc540-4638-11e7-a82e-d97152153689", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "1342e630-4632-11e7-9903-85f789353078", "name": "panel_0", "type": "visualization"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_1", "type": "visualization"}], "sort": [1643385898421, 2687], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDQ3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Strelka - File - Entropy", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}}}", "version": 1, "visState": "{\"title\":\"Strelka - File - Entropy\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"scan.entropy.entropy\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Entropy\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "ce9e03f0-772c-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2689], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDQ4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SIP - Warning", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SIP - Warning\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.warning.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.warning.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Warning\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "cf56b070-75ca-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2691], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDQ5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Endgame - All Logs (copy)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Endgame - All Logs\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"}, "coreMigrationVersion": "7.16.2", "id": "d43f0350-6347-11ec-864c-8b5450f97635", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "endgame-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 2694], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDUwLDE1XQ=="} +{"attributes": {"description": "", "state": {"datasourceStates": {"indexpattern": {"layers": {"851cf638-4ae4-45ad-b7ad-e97c0926b6a3": {"columnOrder": ["558ae3ab-245f-4076-9b88-155e26219823", "01fd47d1-6f20-44f0-afb6-2850548061f8"], "columns": {"01fd47d1-6f20-44f0-afb6-2850548061f8": {"dataType": "number", "isBucketed": false, "label": "Count of records", "operationType": "count", "scale": "ratio", "sourceField": "Records"}, "558ae3ab-245f-4076-9b88-155e26219823": {"customLabel": true, "dataType": "string", "isBucketed": true, "label": "Endgame - Event Categories", "operationType": "terms", "params": {"missingBucket": false, "orderBy": {"columnId": "01fd47d1-6f20-44f0-afb6-2850548061f8", "type": "column"}, "orderDirection": "desc", "otherBucket": true, "size": 5}, "scale": "ordinal", "sourceField": "event.category"}}, "incompleteColumns": {}}}}}, "filters": [], "query": {"language": "kuery", "query": ""}, "visualization": {"layers": [{"categoryDisplay": "default", "groups": ["558ae3ab-245f-4076-9b88-155e26219823"], "layerId": "851cf638-4ae4-45ad-b7ad-e97c0926b6a3", "layerType": "data", "legendDisplay": "default", "metric": "01fd47d1-6f20-44f0-afb6-2850548061f8", "nestedLegend": false, "numberDisplay": "percent"}], "shape": "pie"}}, "title": "Endgame - Event Categories Graph", "visualizationType": "lnsPie"}, "coreMigrationVersion": "7.16.2", "id": "d58d6c40-624a-11ec-864c-8b5450f97635", "migrationVersion": {"lens": "7.16.0"}, "references": [{"id": "endgame-*", "name": "indexpattern-datasource-current-indexpattern", "type": "index-pattern"}, {"id": "endgame-*", "name": "indexpattern-datasource-layer-851cf638-4ae4-45ad-b7ad-e97c0926b6a3", "type": "index-pattern"}, {"id": "41a5e270-53b1-11ec-b3ef-6bcc33056a36", "name": "tag-ref-41a5e270-53b1-11ec-b3ef-6bcc33056a36", "type": "tag"}], "sort": [1643385898421, 2698], "type": "lens", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDUxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Tunnels - Log Count Over TIme", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Tunnels - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "e89c9700-3641-11e7-a6f7-4f44d7bf1c33", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d26d5510-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2700], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDUyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Tunnels - Country", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "version": 1, "visState": "{\"title\":\"Tunnels - Country\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "f60e0c40-6e34-11e7-9a19-a5996f8250c6", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d26d5510-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2702], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDUzLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":20,\"x\":28,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":48,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":20,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":20,\"x\":8,\"y\":28,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":48,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]", "timeRestore": false, "title": "z16.04 - Bro - Tunnels", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "d7b54ae0-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "e89c9700-3641-11e7-a6f7-4f44d7bf1c33", "name": "panel_1", "type": "visualization"}, {"id": "43b2b040-3807-11e7-a1cc-ebc6a7e70e84", "name": "panel_2", "type": "visualization"}, {"id": "26457730-3808-11e7-a1cc-ebc6a7e70e84", "name": "panel_3", "type": "visualization"}, {"id": "3cdf2400-3808-11e7-a1cc-ebc6a7e70e84", "name": "panel_4", "type": "visualization"}, {"id": "d26d5510-342e-11e7-9e93-53b62e1857b2", "name": "panel_5", "type": "search"}, {"id": "f60e0c40-6e34-11e7-9a19-a5996f8250c6", "name": "panel_6", "type": "visualization"}, {"id": "33b39a60-6e35-11e7-9a19-a5996f8250c6", "name": "panel_7", "type": "visualization"}, {"id": "53824da0-6e35-11e7-9a19-a5996f8250c6", "name": "panel_8", "type": "visualization"}, {"id": "AWDHFYrqxQT5EBNmq4qT", "name": "panel_9", "type": "visualization"}], "sort": [1643385898421, 2713], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDU0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"event_type:bro_conn\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Connections - Service", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Connections - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "d7d3dda0-54b9-11e9-a48f-b7dfb1d0f288", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "*:logstash-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2715], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDU1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SSL - Server Name", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SSL - Server Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.server_name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.server_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Name\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "db4dc4a0-75ec-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2717], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDU2LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Network Datasets", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Network Datasets\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "dbe4cc20-6ea7-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "387f44c0-6ea7-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2719], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDU3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "Weird - Destination Port", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Weird - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "dbfe2f00-6e35-11e7-9a19-a5996f8250c6", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "e32d0d50-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2721], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDU4LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "DNS - Queries", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DNS - Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "dcda5680-2927-11e8-b2a2-09f3986ae284", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d46522e0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2723], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDU5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SIP - URI", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SIP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "f63cba40-75ca-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2725], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDYwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:sip\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"1e84368a-ad74-4d57-9793-5c9ce813045b\"},\"panelIndex\":\"1e84368a-ad74-4d57-9793-5c9ce813045b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"304e7cd2-dc4f-4bf4-b1fe-747091d61b67\"},\"panelIndex\":\"304e7cd2-dc4f-4bf4-b1fe-747091d61b67\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"e87052bf-935e-421b-8208-e798a37edf69\"},\"panelIndex\":\"e87052bf-935e-421b-8208-e798a37edf69\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"b2055759-c7fd-43ab-8613-6031e8e148d3\"},\"panelIndex\":\"b2055759-c7fd-43ab-8613-6031e8e148d3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"a303da32-bd43-45a5-acbf-093478d734f9\"},\"panelIndex\":\"a303da32-bd43-45a5-acbf-093478d734f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":8,\"w\":8,\"h\":19,\"i\":\"d8632aad-86f0-4290-9480-75ec477ae4cd\"},\"panelIndex\":\"d8632aad-86f0-4290-9480-75ec477ae4cd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":26,\"y\":8,\"w\":8,\"h\":19,\"i\":\"ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6\"},\"panelIndex\":\"ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":34,\"y\":8,\"w\":14,\"h\":19,\"i\":\"dbe534a3-1a06-4185-b78a-293d7ec848c4\"},\"panelIndex\":\"dbe534a3-1a06-4185-b78a-293d7ec848c4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":17,\"i\":\"45de60a4-61ab-4b78-8cc7-5a783070c9be\"},\"panelIndex\":\"45de60a4-61ab-4b78-8cc7-5a783070c9be\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":12,\"y\":27,\"w\":12,\"h\":17,\"i\":\"9cb368f2-b652-4dc9-8427-b88a592e8361\"},\"panelIndex\":\"9cb368f2-b652-4dc9-8427-b88a592e8361\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":17,\"i\":\"b78c61e2-61c3-4c43-94d9-c3971ee375be\"},\"panelIndex\":\"b78c61e2-61c3-4c43-94d9-c3971ee375be\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":44,\"w\":48,\"h\":29,\"i\":\"ba5c8087-cf68-4a4c-9800-05731dca2608\"},\"panelIndex\":\"ba5c8087-cf68-4a4c-9800-05731dca2608\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"}]", "timeRestore": false, "title": "Security Onion - SIP", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "dd98e260-75c6-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "272b8ab0-75ca-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "9ff24600-75ca-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "f63cba40-75ca-11ea-9565-7315f4ee5cac", "name": "panel_7", "type": "visualization"}, {"id": "49384710-75ca-11ea-9565-7315f4ee5cac", "name": "panel_8", "type": "visualization"}, {"id": "81a1a740-75ca-11ea-9565-7315f4ee5cac", "name": "panel_9", "type": "visualization"}, {"id": "cf56b070-75ca-11ea-9565-7315f4ee5cac", "name": "panel_10", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_11", "type": "search"}], "sort": [1643385898421, 2738], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDYxLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":80,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":56,\"w\":40,\"h\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]", "timeRestore": false, "title": "z16.04 - Bro - Weird", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "de2da250-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "0dbcade0-3642-11e7-a6f7-4f44d7bf1c33", "name": "panel_1", "type": "visualization"}, {"id": "1b837b00-364e-11e7-9dc3-d35061cb642d", "name": "panel_2", "type": "visualization"}, {"id": "312cd460-364e-11e7-9dc3-d35061cb642d", "name": "panel_3", "type": "visualization"}, {"id": "8dbbbed0-364e-11e7-9dc3-d35061cb642d", "name": "panel_4", "type": "visualization"}, {"id": "e32d0d50-342e-11e7-9e93-53b62e1857b2", "name": "panel_5", "type": "search"}, {"id": "ca3e57d0-4172-11e7-9850-b78558d0ac17", "name": "panel_6", "type": "visualization"}, {"id": "dbfe2f00-6e35-11e7-9a19-a5996f8250c6", "name": "panel_7", "type": "visualization"}, {"id": "AWDHGXk-xQT5EBNmq4uf", "name": "panel_8", "type": "visualization"}, {"id": "691ade50-4c85-11e8-9b0a-f1d33346f773", "name": "panel_9", "type": "visualization"}], "sort": [1643385898421, 2749], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDYyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Hash - SSDeep", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Hash - SSDeep\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Hash\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.ssdeep.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SSDeep\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "e087c7d0-772d-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2751], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDYzLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":63,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":63,\"w\":16,\"h\":28,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":63,\"w\":16,\"h\":28,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":91,\"w\":16,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":16,\"y\":91,\"w\":16,\"h\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":91,\"w\":16,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":16,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":32,\"w\":40,\"h\":31,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":115,\"w\":48,\"h\":24,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":24,\"w\":18,\"h\":8,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"29\"},\"panelIndex\":\"29\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":63,\"w\":16,\"h\":28,\"i\":\"31\"},\"panelIndex\":\"31\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":22,\"h\":24,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"}]", "timeRestore": false, "title": "z16.04 - Bro - Connections", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "e0a34b90-34e6-11e7-9118-45bd317f0ca4", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "2da139c0-34e7-11e7-9118-45bd317f0ca4", "name": "panel_1", "type": "visualization"}, {"id": "8261cf00-366e-11e7-8c78-e3086faf385c", "name": "panel_2", "type": "visualization"}, {"id": "9a54f150-366e-11e7-8c78-e3086faf385c", "name": "panel_3", "type": "visualization"}, {"id": "296823d0-366f-11e7-8c78-e3086faf385c", "name": "panel_4", "type": "visualization"}, {"id": "b50912f0-366f-11e7-8c78-e3086faf385c", "name": "panel_5", "type": "visualization"}, {"id": "05088150-3670-11e7-8c78-e3086faf385c", "name": "panel_6", "type": "visualization"}, {"id": "c3152010-3673-11e7-8c78-e3086faf385c", "name": "panel_7", "type": "visualization"}, {"id": "13fe29c0-3b17-11e7-b871-5f76306b9694", "name": "panel_8", "type": "visualization"}, {"id": "9bf42190-342d-11e7-9e93-53b62e1857b2", "name": "panel_9", "type": "search"}, {"id": "25ce6eb0-463b-11e7-a82e-d97152153689", "name": "panel_10", "type": "visualization"}, {"id": "AWDG71xFxQT5EBNmq336", "name": "panel_11", "type": "visualization"}, {"id": "bc7fbe00-4a44-11e8-9b0a-f1d33346f773", "name": "panel_12", "type": "visualization"}, {"id": "d7d3dda0-54b9-11e9-a48f-b7dfb1d0f288", "name": "panel_13", "type": "visualization"}], "sort": [1643385898421, 2766], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDY0LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "DNS - Destination Port (Horizontal Bar Chart)", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"DNS - Destination Port (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "e3717d80-6e0f-11e7-8624-1fb07dd76c6a", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d46522e0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2768], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDY1LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[]}"}, "savedSearchRefName": "search_0", "title": "X.509 - Certificate Subject", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"X.509 - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}"}, "coreMigrationVersion": "7.16.2", "id": "fab4b560-37d8-11e7-9efb-91e89505091f", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "f5038cc0-342e-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2770], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDY2LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\",\"time_zone\":\"America/New_York\"}},\"language\":\"lucene\"},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":68,\"x\":0,\"y\":96,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"columns\":[\"certificate_subject\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":20,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":20,\"x\":28,\"y\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":40,\"h\":20,\"x\":8,\"y\":28,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "z16.04 - Bro - X.509", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "e5aa7170-3583-11e7-a588-05992195c551", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "41bee360-3642-11e7-a6f7-4f44d7bf1c33", "name": "panel_1", "type": "visualization"}, {"id": "f5038cc0-342e-11e7-9e93-53b62e1857b2", "name": "panel_2", "type": "search"}, {"id": "738127f0-37d7-11e7-9efb-91e89505091f", "name": "panel_3", "type": "visualization"}, {"id": "fab4b560-37d8-11e7-9efb-91e89505091f", "name": "panel_4", "type": "visualization"}, {"id": "0a5f7b30-37d9-11e7-9efb-91e89505091f", "name": "panel_5", "type": "visualization"}, {"id": "150f7280-6e37-11e7-a8d6-ed2e692de531", "name": "panel_6", "type": "visualization"}, {"id": "446e85c0-6e37-11e7-a8d6-ed2e692de531", "name": "panel_7", "type": "visualization"}, {"id": "AWDHGklsxQT5EBNmq4wG", "name": "panel_8", "type": "visualization"}], "sort": [1643385898421, 2780], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDY3LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Host - Domain", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Host - Domain\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "e80aa100-7375-11ea-a3da-cbdb4f8a90c0", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2782], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDY4LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"mapCenter\":[39.639537564366684,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]", "timeRestore": false, "title": "Connections - Destination - Top Connection Duration", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "ea211360-46c4-11e7-a82e-d97152153689", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f7492d0-46c4-11e7-a82e-d97152153689", "name": "panel_0", "type": "visualization"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_1", "type": "visualization"}], "sort": [1643385898421, 2785], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDY5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "savedSearchRefName": "search_0", "title": "DNS - Answers", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"answers.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "ff2af9b0-2927-11e8-b2a2-09f3986ae284", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "d46522e0-342d-11e7-9e93-53b62e1857b2", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2787], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDcwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/New_York\"}}},\"filter\":[]}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":68,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":44,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":44,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":92,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":48,\"h\":64,\"x\":0,\"y\":116,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":12,\"x\":32,\"y\":44,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"vis\":null,\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":12,\"x\":32,\"y\":56,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"vis\":null,\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":68,\"i\":\"24\"},\"panelIndex\":\"24\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":68,\"i\":\"25\"},\"panelIndex\":\"25\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":20,\"i\":\"26\"},\"panelIndex\":\"26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":20,\"i\":\"27\"},\"panelIndex\":\"27\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"version\":\"7.9.0\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":20,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_15\"}]", "timeRestore": false, "title": "z16.04 - Bro - DNS", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "ebf5ec90-34bf-11e7-9b32-bb903919ead9", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "6ef90c30-34c0-11e7-9b32-bb903919ead9", "name": "panel_1", "type": "visualization"}, {"id": "57a9a3f0-34c0-11e7-9b32-bb903919ead9", "name": "panel_2", "type": "visualization"}, {"id": "45a652b0-34c1-11e7-917c-af7a9d11771a", "name": "panel_3", "type": "visualization"}, {"id": "e8e3b8a0-34c1-11e7-917c-af7a9d11771a", "name": "panel_4", "type": "visualization"}, {"id": "1ecdd2e0-34c0-11e7-9b32-bb903919ead9", "name": "panel_5", "type": "visualization"}, {"id": "d46522e0-342d-11e7-9e93-53b62e1857b2", "name": "panel_6", "type": "search"}, {"id": "e3717d80-6e0f-11e7-8624-1fb07dd76c6a", "name": "panel_7", "type": "visualization"}, {"id": "4d89e140-6f09-11e7-9d31-23c0596994a7", "name": "panel_8", "type": "visualization"}, {"id": "74861280-6f06-11e7-b253-211f64f37eda", "name": "panel_9", "type": "visualization"}, {"id": "AWDG9Qx0xQT5EBNmq3_2", "name": "panel_10", "type": "visualization"}, {"id": "dcda5680-2927-11e8-b2a2-09f3986ae284", "name": "panel_11", "type": "visualization"}, {"id": "ff2af9b0-2927-11e8-b2a2-09f3986ae284", "name": "panel_12", "type": "visualization"}, {"id": "22f7de30-4949-11e8-9576-313be7c6b44b", "name": "panel_13", "type": "visualization"}, {"id": "0c338e50-4a4e-11e8-9b0a-f1d33346f773", "name": "panel_14", "type": "visualization"}, {"id": "49e04860-4a4e-11e8-9b0a-f1d33346f773", "name": "panel_15", "type": "visualization"}], "sort": [1643385898421, 2804], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDcxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - SMB - File System", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - SMB - File System\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smb.file_system.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.file_system.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File System\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "ed215680-75ef-11ea-9565-7315f4ee5cac", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2806], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDcyLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.3.0\",\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false},\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":51,\"i\":\"4\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":48,\"x\":0,\"y\":51},\"panelIndex\":\"6\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"],\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":17,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":34},\"panelIndex\":\"12\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"title\":\"NIDS Alert - Source Port\",\"panelRefName\":\"panel_3\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":8,\"i\":\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}},\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":17,\"i\":\"18\",\"w\":20,\"x\":28,\"y\":34},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"NIDS Alert - Destination Port\",\"panelRefName\":\"panel_5\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":16,\"i\":\"19\",\"w\":40,\"x\":8,\"y\":18},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"NIDS - Alert Summary \",\"panelRefName\":\"panel_6\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":10,\"i\":\"20\",\"w\":17,\"x\":8,\"y\":8},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"NIDS - Alert Title\",\"panelRefName\":\"panel_7\"},{\"version\":\"7.3.0\",\"gridData\":{\"h\":10,\"i\":\"21\",\"w\":23,\"x\":25,\"y\":8},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"NIDS - Rule Signature\",\"panelRefName\":\"panel_8\"}]", "timeRestore": false, "title": "NIDS - SID Drilldown", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "ed6f7e20-e060-11e9-8f0c-2ddbf5ed9290", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "d58ec1a0-34e4-11e7-9669-7f1d3242b798", "name": "panel_0", "type": "visualization"}, {"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_1", "type": "visualization"}, {"id": "9a5a35c0-342f-11e7-9e93-53b62e1857b2", "name": "panel_2", "type": "search"}, {"id": "620283e0-3af5-11e7-a83b-b1b4da7d15f4", "name": "panel_3", "type": "visualization"}, {"id": "AWDG3ym0xQT5EBNmq3mG", "name": "panel_4", "type": "visualization"}, {"id": "3f040620-4a44-11e8-9b0a-f1d33346f773", "name": "panel_5", "type": "visualization"}, {"id": "3a1b54b0-e061-11e9-8f0c-2ddbf5ed9290", "name": "panel_6", "type": "visualization"}, {"id": "1b3faca0-e064-11e9-8f0c-2ddbf5ed9290", "name": "panel_7", "type": "visualization"}, {"id": "6533dd40-e064-11e9-8f0c-2ddbf5ed9290", "name": "panel_8", "type": "visualization"}], "sort": [1643385898421, 2816], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDczLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - HTTP - Version", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - HTTP - Version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "ede56800-6ed7-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9ee33aa0-6eb1-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2818], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDc0LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:ssl\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"7ba54e84-e774-489e-b4e5-156bff163007\"},\"panelIndex\":\"7ba54e84-e774-489e-b4e5-156bff163007\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"83706228-debf-441c-ab7f-2e20c91ec132\"},\"panelIndex\":\"83706228-debf-441c-ab7f-2e20c91ec132\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"e06b2a92-d78b-4d77-9948-40a96a630656\"},\"panelIndex\":\"e06b2a92-d78b-4d77-9948-40a96a630656\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":20,\"i\":\"6f2ba042-522e-43a3-8b9f-0d00e1b60070\"},\"panelIndex\":\"6f2ba042-522e-43a3-8b9f-0d00e1b60070\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":8,\"w\":10,\"h\":20,\"i\":\"f9b0f61d-4ff7-4bfb-a210-61ac7c07407a\"},\"panelIndex\":\"f9b0f61d-4ff7-4bfb-a210-61ac7c07407a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":19,\"y\":8,\"w\":11,\"h\":20,\"i\":\"19764782-13cb-4b14-b272-d30fbdead5a2\"},\"panelIndex\":\"19764782-13cb-4b14-b272-d30fbdead5a2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":20,\"i\":\"8e0caa58-2dba-4d73-bf54-2c5452b7e5ff\"},\"panelIndex\":\"8e0caa58-2dba-4d73-bf54-2c5452b7e5ff\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":21,\"i\":\"a804d523-cf9b-47f1-85ca-4931defc69ce\"},\"panelIndex\":\"a804d523-cf9b-47f1-85ca-4931defc69ce\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":21,\"i\":\"6ce88ef8-a636-4f1c-85e9-922ab70a500f\"},\"panelIndex\":\"6ce88ef8-a636-4f1c-85e9-922ab70a500f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":70,\"w\":48,\"h\":29,\"i\":\"75b95d1d-98a0-4d86-b72b-1ecc6f5d7c5a\"},\"panelIndex\":\"75b95d1d-98a0-4d86-b72b-1ecc6f5d7c5a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]", "timeRestore": false, "title": "Security Onion - SSL", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "efae8de0-75eb-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "db4dc4a0-75ec-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "b8371250-75ec-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "4e8cbf80-75ec-11ea-9565-7315f4ee5cac", "name": "panel_7", "type": "visualization"}, {"id": "6fccb600-75ec-11ea-9565-7315f4ee5cac", "name": "panel_8", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_9", "type": "search"}], "sort": [1643385898421, 2829], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDc1LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"}, "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.3.0\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.3.0\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"mapCenter\":[24.84656534821976,0.17578125],\"mapZoom\":2,\"enhancements\":{}},\"panelRefName\":\"panel_1\"}]", "timeRestore": false, "title": "Connections - Source - Sum of Total Bytes", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "f042ad60-46c6-11e7-946f-1bfb1be7c36b", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "b3b449d0-3429-11e7-9d52-4f090484f59e", "name": "panel_0", "type": "visualization"}, {"id": "1156b1e0-46c7-11e7-946f-1bfb1be7c36b", "name": "panel_1", "type": "visualization"}], "sort": [1643385898421, 2851], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDg3LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:smb*\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"4f0e2e7d-aeee-4de8-82f0-9faffa596a05\"},\"panelIndex\":\"4f0e2e7d-aeee-4de8-82f0-9faffa596a05\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"efd2f5f0-c795-41e8-b0d7-7a3012e04d4d\"},\"panelIndex\":\"efd2f5f0-c795-41e8-b0d7-7a3012e04d4d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"c4342fbe-e949-42d7-959c-c1ce6978033a\"},\"panelIndex\":\"c4342fbe-e949-42d7-959c-c1ce6978033a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"f59a811c-5a72-4337-84bd-32a5d1dce308\"},\"panelIndex\":\"f59a811c-5a72-4337-84bd-32a5d1dce308\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"5bb49dfa-0703-448b-a249-6cebb45e101c\"},\"panelIndex\":\"5bb49dfa-0703-448b-a249-6cebb45e101c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":18,\"y\":8,\"w\":10,\"h\":19,\"i\":\"4f886675-43c8-46c9-a471-717010d40e67\"},\"panelIndex\":\"4f886675-43c8-46c9-a471-717010d40e67\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":28,\"y\":8,\"w\":10,\"h\":19,\"i\":\"f00a4afd-cd5f-48a4-a8d3-bc80f7367285\"},\"panelIndex\":\"f00a4afd-cd5f-48a4-a8d3-bc80f7367285\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":19,\"i\":\"c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f\"},\"panelIndex\":\"c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":20,\"i\":\"d76e30ec-3114-4100-a806-2a77ba987bbe\"},\"panelIndex\":\"d76e30ec-3114-4100-a806-2a77ba987bbe\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":29,\"i\":\"b48f25cd-4353-46f1-ba89-12da381a65eb\"},\"panelIndex\":\"b48f25cd-4353-46f1-ba89-12da381a65eb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]", "timeRestore": false, "title": "Security Onion - SMB", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "f24d7b80-75c6-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "7f822930-6ea4-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "34762420-75f0-11ea-9565-7315f4ee5cac", "name": "panel_5", "type": "visualization"}, {"id": "1c6567b0-75f0-11ea-9565-7315f4ee5cac", "name": "panel_6", "type": "visualization"}, {"id": "ed215680-75ef-11ea-9565-7315f4ee5cac", "name": "panel_7", "type": "visualization"}, {"id": "052df440-75f0-11ea-9565-7315f4ee5cac", "name": "panel_8", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_9", "type": "search"}], "sort": [1643385898421, 2862], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDg4LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:playbook AND event.dataset:alert\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"c2172038-7740-458c-977a-98d139c438c2\"},\"panelIndex\":\"c2172038-7740-458c-977a-98d139c438c2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security Onion - Alert Data\",\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":18,\"h\":8,\"i\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\"},\"panelIndex\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":8,\"i\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\"},\"panelIndex\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":26,\"h\":18,\"i\":\"1f88747a-06f5-4450-8d08-150d0cd37667\"},\"panelIndex\":\"1f88747a-06f5-4450-8d08-150d0cd37667\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":26,\"y\":8,\"w\":22,\"h\":18,\"i\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\"},\"panelIndex\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":21,\"i\":\"28431fa5-4ce9-40db-a190-541b3390f9d0\"},\"panelIndex\":\"28431fa5-4ce9-40db-a190-541b3390f9d0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"}]", "timeRestore": false, "title": "Security Onion - Playbook", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "f449f0a0-c77c-11ea-bebb-37c5ab5894ea", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "30df00e0-7733-11ea-bee5-af7f7c7b8e05", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "508fb520-72af-11ea-8dd2-9d8795a1200b", "name": "panel_3", "type": "visualization"}, {"id": "f7e1d570-72ae-11ea-8dd2-9d8795a1200b", "name": "panel_4", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_5", "type": "search"}], "sort": [1643385898421, 2869], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDg5LDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Zeek - Notice Action", "uiStateJSON": "{}", "version": 1, "visState": "{\"title\":\"Security Onion - Zeek - Notice Action\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"notice.p: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"notice.action.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "fafba910-7a84-11ea-9d13-57f5db13d1ed", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2871], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDkwLDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:notice AND event.module:zeek\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3c981b35-b930-4523-bef4-7f5193148816\"},\"panelIndex\":\"3c981b35-b930-4523-bef4-7f5193148816\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":16,\"h\":8,\"i\":\"eb1b234a-2d6b-46af-9afe-a420a389dad1\"},\"panelIndex\":\"eb1b234a-2d6b-46af-9afe-a420a389dad1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":8,\"i\":\"7d323b2f-3502-4397-93fd-b430d9011d92\"},\"panelIndex\":\"7d323b2f-3502-4397-93fd-b430d9011d92\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":8,\"w\":19,\"h\":18,\"i\":\"298b9cf4-5e54-45f5-805c-e04b31044401\"},\"panelIndex\":\"298b9cf4-5e54-45f5-805c-e04b31044401\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":19,\"y\":8,\"w\":29,\"h\":18,\"i\":\"1fa5b7c2-2680-4dd0-9c07-a714d8d8968a\"},\"panelIndex\":\"1fa5b7c2-2680-4dd0-9c07-a714d8d8968a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":26,\"w\":11,\"h\":23,\"i\":\"9056cf20-d882-4316-ba02-91ecbd1d4df9\"},\"panelIndex\":\"9056cf20-d882-4316-ba02-91ecbd1d4df9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":11,\"y\":26,\"w\":11,\"h\":23,\"i\":\"5f855acb-fec5-4155-b2ef-0961a6d9a89c\"},\"panelIndex\":\"5f855acb-fec5-4155-b2ef-0961a6d9a89c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":22,\"y\":26,\"w\":10,\"h\":23,\"i\":\"208bc4b2-013a-4aab-b72c-45a618077791\"},\"panelIndex\":\"208bc4b2-013a-4aab-b72c-45a618077791\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":32,\"y\":26,\"w\":16,\"h\":23,\"i\":\"5429bbba-3d62-4a93-9932-4a2cc4369775\"},\"panelIndex\":\"5429bbba-3d62-4a93-9932-4a2cc4369775\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.9.0\",\"gridData\":{\"x\":0,\"y\":49,\"w\":48,\"h\":20,\"i\":\"e08f3143-7e05-49ab-882f-d63e24e622bb\"},\"panelIndex\":\"e08f3143-7e05-49ab-882f-d63e24e622bb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"}]", "timeRestore": false, "title": "Security Onion - Zeek - Notices", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "fa9ed760-7734-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "30df00e0-7733-11ea-bee5-af7f7c7b8e05", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "9c6ccff0-7a84-11ea-9d13-57f5db13d1ed", "name": "panel_3", "type": "visualization"}, {"id": "c8039090-7a84-11ea-9d13-57f5db13d1ed", "name": "panel_4", "type": "visualization"}, {"id": "6b18be30-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_5", "type": "visualization"}, {"id": "b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_6", "type": "visualization"}, {"id": "f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b", "name": "panel_7", "type": "visualization"}, {"id": "fafba910-7a84-11ea-9d13-57f5db13d1ed", "name": "panel_8", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_9", "type": "search"}], "sort": [1643385898421, 2882], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDkxLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.module.keyword\",\"negate\":true,\"params\":{\"query\":\"suricata\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.module.keyword\":\"suricata\"}}}]}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Playbook - Rules", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"title\":\"Security Onion - Playbook - Rules\"}"}, "coreMigrationVersion": "7.16.2", "id": "faaf66e0-c77d-11ea-bebb-37c5ab5894ea", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern"}, {"id": "5c3effd0-72ae-11ea-8dd2-9d8795a1200b", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2885], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDkyLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}, "title": "Security Onion - Syslog - Severity (Donut)", "uiStateJSON": "{}", "version": 1, "visState": "{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"syslog.severity_label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"syslog.severity_label: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true},\"title\":\"Security Onion - Syslog - Severity (Donut)\"}"}, "coreMigrationVersion": "7.16.2", "id": "fc8d41a0-777b-11ea-bee5-af7f7c7b8e05", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "logs-*", "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern"}], "sort": [1643385898421, 2887], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDkzLDE1XQ=="} +{"attributes": {"description": "", "kibanaSavedObjectMeta": {"searchSourceJSON": "{}"}, "savedSearchRefName": "search_0", "title": "Security Onion - Connections - Top Source IPs", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "version": 1, "visState": "{\"title\":\"Security Onion - Connections - Top Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"source.ip: Descending\",\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"}, "coreMigrationVersion": "7.16.2", "id": "fd8b4640-6e9f-11ea-9266-1fd14ca6af34", "migrationVersion": {"visualization": "7.14.0"}, "references": [{"id": "9b333020-6e9f-11ea-9266-1fd14ca6af34", "name": "search_0", "type": "search"}], "sort": [1643385898421, 2889], "type": "visualization", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDk0LDE1XQ=="} +{"attributes": {"description": "", "hits": 0, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:strelka\"},\"filter\":[]}"}, "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", "panelsJSON": "[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":7,\"i\":\"a2e0a619-a5c5-40d9-8593-e60f13ae22bf\"},\"panelIndex\":\"a2e0a619-a5c5-40d9-8593-e60f13ae22bf\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":21,\"h\":7,\"i\":\"566a9d04-f2dc-4868-9625-97a19d985703\"},\"panelIndex\":\"566a9d04-f2dc-4868-9625-97a19d985703\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":7,\"i\":\"f247ec64-c278-4e05-ac4d-983bea9dfb7d\"},\"panelIndex\":\"f247ec64-c278-4e05-ac4d-983bea9dfb7d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":7,\"w\":12,\"h\":20,\"i\":\"6e80a142-ab0e-4fd3-891c-e495b78a1625\"},\"panelIndex\":\"6e80a142-ab0e-4fd3-891c-e495b78a1625\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":12,\"y\":7,\"w\":11,\"h\":20,\"i\":\"292cc879-6bc0-4541-ba92-3b3c5f4e3368\"},\"panelIndex\":\"292cc879-6bc0-4541-ba92-3b3c5f4e3368\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":7,\"w\":14,\"h\":20,\"i\":\"66979b2c-e7c1-4291-91ac-16537b7f9ec3\"},\"panelIndex\":\"66979b2c-e7c1-4291-91ac-16537b7f9ec3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":37,\"y\":7,\"w\":11,\"h\":20,\"i\":\"8bb1cf98-0401-4a2d-9dd8-deca08205a22\"},\"panelIndex\":\"8bb1cf98-0401-4a2d-9dd8-deca08205a22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":8,\"h\":20,\"i\":\"393f3cec-3ee0-4275-b319-f307e7a260c6\"},\"panelIndex\":\"393f3cec-3ee0-4275-b319-f307e7a260c6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":15,\"h\":20,\"i\":\"0e8800a9-a6f5-4a79-8370-61713f584886\"},\"panelIndex\":\"0e8800a9-a6f5-4a79-8370-61713f584886\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":27,\"w\":25,\"h\":20,\"i\":\"be9a0a2a-d8c6-4d15-b5d7-d5599d0482a3\"},\"panelIndex\":\"be9a0a2a-d8c6-4d15-b5d7-d5599d0482a3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":27,\"i\":\"40296d2b-cb6f-423f-989c-3fdaa82d2aad\"},\"panelIndex\":\"40296d2b-cb6f-423f-989c-3fdaa82d2aad\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"}]", "timeRestore": false, "title": "Security Onion - Strelka", "version": 1}, "coreMigrationVersion": "7.16.2", "id": "ff689c50-75f3-11ea-9565-7315f4ee5cac", "migrationVersion": {"dashboard": "7.16.0"}, "references": [{"id": "8cfec8c0-6ec2-11ea-9266-1fd14ca6af34", "name": "panel_0", "type": "visualization"}, {"id": "d04b5130-6e99-11ea-9266-1fd14ca6af34", "name": "panel_1", "type": "visualization"}, {"id": "23ed13a0-6e9a-11ea-9266-1fd14ca6af34", "name": "panel_2", "type": "visualization"}, {"id": "7a88adc0-75f0-11ea-9565-7315f4ee5cac", "name": "panel_3", "type": "visualization"}, {"id": "49cfe850-772c-11ea-bee5-af7f7c7b8e05", "name": "panel_4", "type": "visualization"}, {"id": "70243970-772c-11ea-bee5-af7f7c7b8e05", "name": "panel_5", "type": "visualization"}, {"id": "ce9e03f0-772c-11ea-bee5-af7f7c7b8e05", "name": "panel_6", "type": "visualization"}, {"id": "a7ebb450-772c-11ea-bee5-af7f7c7b8e05", "name": "panel_7", "type": "visualization"}, {"id": "08c0b770-772e-11ea-bee5-af7f7c7b8e05", "name": "panel_8", "type": "visualization"}, {"id": "e087c7d0-772d-11ea-bee5-af7f7c7b8e05", "name": "panel_9", "type": "visualization"}, {"id": "8b6f3150-72a2-11ea-8dd2-9d8795a1200b", "name": "panel_10", "type": "search"}], "sort": [1643385898421, 2901], "type": "dashboard", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDk1LDE1XQ=="} +{"attributes": {"allowNoIndex": true, "fieldFormatMap": "{\"Ransomware.child_processes.pid\":{\"id\":\"string\"},\"Ransomware.pid\":{\"id\":\"string\"},\"Responses.@timestamp\":{\"id\":\"string\"},\"Target.process.parent.pgid\":{\"id\":\"string\"},\"Target.process.parent.pid\":{\"id\":\"string\"},\"Target.process.parent.ppid\":{\"id\":\"string\"},\"Target.process.parent.thread.id\":{\"id\":\"string\"},\"Target.process.pgid\":{\"id\":\"string\"},\"Target.process.pid\":{\"id\":\"string\"},\"Target.process.ppid\":{\"id\":\"string\"},\"Target.process.thread.id\":{\"id\":\"string\"},\"event.sequence\":{\"id\":\"string\"},\"event.severity\":{\"id\":\"string\"},\"process.parent.pgid\":{\"id\":\"string\"},\"process.parent.pid\":{\"id\":\"string\"},\"process.parent.ppid\":{\"id\":\"string\"},\"process.parent.thread.id\":{\"id\":\"string\"},\"process.pgid\":{\"id\":\"string\"},\"process.pid\":{\"id\":\"string\"},\"process.ppid\":{\"id\":\"string\"},\"process.thread.id\":{\"id\":\"string\"},\"threat.enrichments.indicator.file.elf.header.entrypoint\":{\"id\":\"string\"},\"threat.enrichments.indicator.file.elf.sections.chi2\":{\"id\":\"number\"},\"threat.enrichments.indicator.file.elf.sections.entropy\":{\"id\":\"number\"},\"threat.enrichments.indicator.file.elf.sections.physical_size\":{\"id\":\"bytes\"},\"threat.enrichments.indicator.file.elf.sections.virtual_address\":{\"id\":\"string\"},\"threat.enrichments.indicator.file.elf.sections.virtual_size\":{\"id\":\"string\"},\"threat.enrichments.indicator.url.port\":{\"id\":\"string\"},\"threat.indicator.file.elf.header.entrypoint\":{\"id\":\"string\"},\"threat.indicator.file.elf.sections.chi2\":{\"id\":\"number\"},\"threat.indicator.file.elf.sections.entropy\":{\"id\":\"number\"},\"threat.indicator.file.elf.sections.physical_size\":{\"id\":\"bytes\"},\"threat.indicator.file.elf.sections.virtual_address\":{\"id\":\"string\"},\"threat.indicator.file.elf.sections.virtual_size\":{\"id\":\"string\"},\"threat.indicator.url.port\":{\"id\":\"string\"},\"destination.bytes\":{\"id\":\"bytes\"},\"destination.port\":{\"id\":\"string\"},\"http.request.body.bytes\":{\"id\":\"bytes\"},\"http.request.bytes\":{\"id\":\"bytes\"},\"http.response.body.bytes\":{\"id\":\"bytes\"},\"http.response.bytes\":{\"id\":\"bytes\"},\"http.response.status_code\":{\"id\":\"string\"},\"network.bytes\":{\"id\":\"bytes\"},\"source.bytes\":{\"id\":\"bytes\"},\"source.port\":{\"id\":\"string\"}}", "fields": "[{\"name\":\"cloud.account.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.availability_zone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.instance.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.instance.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.machine.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.project.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.image.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.image.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.labels\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.family\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.containerized\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"elastic_agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.snapshot\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.ingested\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related.hosts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.organization.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.dropped_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.home\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.api\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AuthenticationPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Binary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.BitlockerUserInputTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.BootMode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.BootType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.BuildVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CorruptionActionState\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Detail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceVersionMajor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DeviceVersionMinor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DriveName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DriverName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DriverNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DwordVal\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.EntryCount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ExtraInfo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FailureName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FailureNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FileVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FinalStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IdleImplementation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IdleStateCount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ImpersonationLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IntegrityLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IpAddress\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.IpPort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.KeyLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LastBootGood\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LastShutdownGood\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LmPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MajorVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MaximumPerformancePercent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MemberName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MemberSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MinimumPerformancePercent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MinimumThrottlePercent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MinorVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSchemeGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NominalFrequency\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSchemeGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OriginalFileName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PerformanceImplementation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PreviousTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PrivilegeList\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProcessPath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProcessPid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PuaCount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PuaPolicyId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.QfeVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SchemaVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ScriptBlockText\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ShutdownActionType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ShutdownEventCode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ShutdownReason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SignatureStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.StartTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.State\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.StopTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubjectDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubjectLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubjectUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubjectUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TSId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetInfo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetLogonGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetServerName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TerminalSessionId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TokenElevationType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TransmittedServices\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Workstation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param4\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param7\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.param8\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.keywords\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.channel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.record_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.related_activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.opcode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.provider_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.provider_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.task\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.failure.reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.failure.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.logon.failure.sub_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.computerObject.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.computerObject.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.computerObject.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessGranted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessList\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessListDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessMask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessMaskDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccessRemoved\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccountDomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccountExpires\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AccountName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AllowedToDelegateTo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AuditPolicyChanges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AuditPolicyChangesDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.AuditSourceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CallerProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CallerProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CategoryId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ClientAddress\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ClientName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CommandLine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.CrashOnAuditFailValue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DisplayName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DomainBehaviorVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DomainPolicyChanged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.DomainSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Dummy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.EventSourceId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.FailureReason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.GroupTypeChange\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.HandleId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.HomeDirectory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.HomePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.KerberosPolicyChange\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonHours\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.LogonID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MachineAccountQuota\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MandatoryLabel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.MixedDomainMode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdDacl0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdDacl1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdDacl2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdSacl0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdSacl1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewSdSacl2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewTargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewUACList\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.NewUacValue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ObjectName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ObjectServer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ObjectType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OemInformation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdDacl0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdDacl1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdDacl2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdSacl0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdSacl1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldSdSacl2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldTargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.OldUacValue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PasswordLastSet\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PasswordHistoryLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ParentProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PreAuthType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.PrimaryGroupId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ProfilePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ResourceAttributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SamAccountName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ScriptPath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SidHistory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.Service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceAccount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceFileName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceStartType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.ServiceType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SessionName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SidFilteringEnabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.StatusDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubCategory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubCategoryGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubcategoryGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubCategoryId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubcategoryId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.SubStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TargetSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TdoAttributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TdoDirection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TdoType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TicketEncryptionType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TicketEncryptionTypeDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TicketOptions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.TicketOptionsDescription\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserAccountControl\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserParameters\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserPrincipalName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.UserWorkstations\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.event_data.WorkstationName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.time_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.trustAttribute\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.trustDirection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.trustType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.BackupPath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.Channel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.SubjectDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.SubjectLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.SubjectUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.SubjectUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.user_data.xml_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"completed_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.comment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"started_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.action_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.completed_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.data.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.data.comment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"EndpointActions.started_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.stack_trace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"error.stack_trace.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"error.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"expiration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.expiration\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.input_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"EndpointActions.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Events\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.artifacts.global\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.cross_session\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.feature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.parent_to_child\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.self_injection\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.thread_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Memory_protection.unique_key_v1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.feature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.data\",\"type\":\"binary\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Ransomware.child_processes.files.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.metrics\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.original.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.files.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.child_processes.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Ransomware.feature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.data\",\"type\":\"binary\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Ransomware.files.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.metrics\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.original.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.files.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Ransomware.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.action.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.action.field\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Responses.action.state\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Responses.process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Responses.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Responses.result\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Target.dll.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.ancestry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.authentication_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.allocation_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.allocation_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.allocation_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.allocation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.bytes_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.bytes_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.memory_region.bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.mapped_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.memory_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.region_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.region_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.region_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.region_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.memory_region.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Target.process.Ext.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.services\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.real.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.parent.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.instruction_pointer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.memory_section.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.module_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.rva\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack.symbol_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_final_user_module.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.call_stack_summary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.parameter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.parameter_bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Target.process.thread.Ext.parameter_bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes_disasm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_bytes_disasm_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.start_address_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.Ext.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"Target.process.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Target.process.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dll.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.risk_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.entry_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.code_page\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.collection.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.errors.error_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.file_extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.project_file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.raw_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.macro.stream.raw_code_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.original.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.quarantine_result\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.temp_file_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.windows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.windows.zone_identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.accessed\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.ctime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.drive_letter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.mtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.target_path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.ancestry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.authentication_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.allocation_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.allocation_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.allocation_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.allocation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.bytes_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.bytes_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"process.Ext.memory_region.bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"process.Ext.memory_region.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.mapped_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.memory_pe_detected\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.region_base\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.region_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.region_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.region_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.memory_region.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"process.Ext.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.services\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.compile_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.mapped_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.Ext.mapped_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.dll.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.real.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.Ext.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.parent.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.instruction_pointer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.memory_section.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.module_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.rva\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack.symbol_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_final_user_module.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.call_stack_summary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.parameter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.parameter_bytes_compressed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"process.thread.Ext.parameter_bytes_compressed_present\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_allocation_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes_disasm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_bytes_disasm_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.start_address_module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.elevation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.elevation_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.impersonation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.integrity_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.integrity_level_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.is_appcontainer\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.enabled\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.privileges.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.sid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.token.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.Ext.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"process.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"registry.data.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.author\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.license\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.ruleset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.as.number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.as.organization.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.as.organization.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.confidence\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.email.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.entry_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.header_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.header_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.secondary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.monotonic_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.original.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.quarantine_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.quarantine_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.quarantine_result\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.temp_file_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.windows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.Ext.windows.zone_identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.accessed\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.ctime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.drive_letter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.byte_order\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.cpu_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.exports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.abi_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.entrypoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.object_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.os_abi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.header.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.imports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.chi2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.entropy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.physical_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.physical_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.virtual_address\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.sections.virtual_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.segments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.segments.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.segments.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.shared_libraries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.elf.telfhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.mtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.target_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.target_path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.target_path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.file.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.first_seen\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.last_seen\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.marking.tlp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.modified_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.data.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.data.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.hive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.registry.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.scanner_stats\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.sightings\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.fragment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.original.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.scheme\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.url.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.alternative_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.organizational_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.issuer.state_or_province\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.not_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.not_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.public_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.public_key_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.public_key_exponent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"threat.enrichments.indicator.x509.public_key_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.signature_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.organizational_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.subject.state_or_province\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.indicator.x509.version_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.atomic\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.field\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.enrichments.matched.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.framework\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.group.alias\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.group.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.as.number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.as.organization.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.as.organization.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.confidence\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.email.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.entry_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.header_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.header_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.features.data.buffer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.features.data.decompressed_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.features.data.encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.score\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.threshold\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.upx_packed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_classification.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.secondary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.monotonic_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.original.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.quarantine_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.quarantine_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.quarantine_result\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.temp_file_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.windows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.Ext.windows.zone_identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.accessed\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.ctime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.drive_letter\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.byte_order\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.cpu_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.exports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.abi_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.entrypoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.object_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.os_abi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.header.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.imports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.chi2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.entropy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.physical_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.physical_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.virtual_address\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.sections.virtual_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.segments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.segments.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.segments.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.shared_libraries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.elf.telfhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.group\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.mtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.owner\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.target_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.target_path.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.target_path.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.file.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.first_seen\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.last_seen\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.marking.tlp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.modified_at\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.data.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.data.strings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.hive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.registry.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.scanner_stats\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.sightings\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.fragment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.original.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.scheme\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.url.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.alternative_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.organizational_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.issuer.state_or_province\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.not_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.not_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.public_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.public_key_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.public_key_exponent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"threat.indicator.x509.public_key_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.signature_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.organizational_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.subject.state_or_province\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.indicator.x509.version_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.platforms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.software.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.tactic.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.technique.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.subtechnique.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.subtechnique.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"threat.technique.subtechnique.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"threat.technique.subtechnique.reference\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"user.group.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.Ext.real.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"event.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.Ext.correlation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.Ext.correlation.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.entropy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.header_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.header_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.all_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.matches\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.primary.signature.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.secondary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.malware_signature.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.Ext.monotonic_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.defense_evasions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dll.Ext.load_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.options\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.Ext.status\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.question.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.resolved_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.content\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.request.body.content.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"http.request.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.Ext.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.content\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.content.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"http.response.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.iana_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.transport\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"package.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.defense_evasions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.elevation_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.Ext.token.security_attributes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.data.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.hive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"registry.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]", "timeFieldName": "@timestamp", "title": "logs-*"}, "coreMigrationVersion": "7.16.2", "id": "logs-*", "migrationVersion": {"index-pattern": "7.11.0"}, "references": [], "sort": [1643385898421, 2902], "type": "index-pattern", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDk2LDE1XQ=="} +{"attributes": {"allowNoIndex": true, "fieldFormatMap": "{\"system.process.memory.size\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.usage.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.usage.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.usage.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.usage.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem.usage.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem.usage.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem.limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem_tcp.usage.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem_tcp.usage.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.kmem_tcp.limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.active_anon.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.active_file.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.cache.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.hierarchical_memory_limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.hierarchical_memsw_limit.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.inactive_anon.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.inactive_file.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.mapped_file.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.rss.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.rss_huge.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.swap.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.stats.unevictable.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.blkio.total.bytes\":{\"id\":\"bytes\"},\"system.core.user.pct\":{\"id\":\"percent\"},\"system.core.system.pct\":{\"id\":\"percent\"},\"system.core.nice.pct\":{\"id\":\"percent\"},\"system.core.idle.pct\":{\"id\":\"percent\"},\"system.core.iowait.pct\":{\"id\":\"percent\"},\"system.core.irq.pct\":{\"id\":\"percent\"},\"system.core.softirq.pct\":{\"id\":\"percent\"},\"system.core.steal.pct\":{\"id\":\"percent\"},\"host.disk.read.bytes\":{\"id\":\"bytes\"},\"host.disk.write.bytes\":{\"id\":\"bytes\"},\"system.diskio.read.bytes\":{\"id\":\"bytes\"},\"system.diskio.write.bytes\":{\"id\":\"bytes\"},\"system.diskio.iostat.read.per_sec.bytes\":{\"id\":\"bytes\"},\"system.diskio.iostat.write.per_sec.bytes\":{\"id\":\"bytes\"},\"system.diskio.iostat.request.avg_size\":{\"id\":\"bytes\"},\"host.cpu.pct\":{\"id\":\"percent\"},\"system.cpu.user.pct\":{\"id\":\"percent\"},\"system.cpu.system.pct\":{\"id\":\"percent\"},\"system.cpu.nice.pct\":{\"id\":\"percent\"},\"system.cpu.idle.pct\":{\"id\":\"percent\"},\"system.cpu.iowait.pct\":{\"id\":\"percent\"},\"system.cpu.irq.pct\":{\"id\":\"percent\"},\"system.cpu.softirq.pct\":{\"id\":\"percent\"},\"system.cpu.steal.pct\":{\"id\":\"percent\"},\"system.cpu.total.pct\":{\"id\":\"percent\"},\"system.cpu.user.norm.pct\":{\"id\":\"percent\"},\"system.cpu.system.norm.pct\":{\"id\":\"percent\"},\"system.cpu.nice.norm.pct\":{\"id\":\"percent\"},\"system.cpu.idle.norm.pct\":{\"id\":\"percent\"},\"system.cpu.iowait.norm.pct\":{\"id\":\"percent\"},\"system.cpu.irq.norm.pct\":{\"id\":\"percent\"},\"system.cpu.softirq.norm.pct\":{\"id\":\"percent\"},\"system.cpu.steal.norm.pct\":{\"id\":\"percent\"},\"system.cpu.total.norm.pct\":{\"id\":\"percent\"},\"system.filesystem.available\":{\"id\":\"bytes\"},\"system.filesystem.free\":{\"id\":\"bytes\"},\"system.filesystem.total\":{\"id\":\"bytes\"},\"system.filesystem.used.bytes\":{\"id\":\"bytes\"},\"system.filesystem.used.pct\":{\"id\":\"percent\"},\"process.cpu.pct\":{\"id\":\"percent\"},\"process.memory.pct\":{\"id\":\"percent\"},\"system.process.cpu.total.pct\":{\"id\":\"percent\"},\"system.process.cpu.total.norm.pct\":{\"id\":\"percent\"},\"system.process.memory.rss.bytes\":{\"id\":\"bytes\"},\"system.process.memory.rss.pct\":{\"id\":\"percent\"},\"system.process.memory.share\":{\"id\":\"bytes\"},\"system.process.cgroup.cpu.pressure.some.10.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.some.60.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.some.300.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.some.total\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.full.10.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.full.60.pct\":{\"id\":\"percent\"},\"system.process.cgroup.cpu.pressure.full.300.pct\":{\"id\":\"percent\"},\"system.process.cgroup.memory.mem.low.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.high.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.mem.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.low.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.high.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.memory.memsw.max.bytes\":{\"id\":\"bytes\"},\"system.process.cgroup.io.pressure.full.10.pct\":{\"id\":\"percent\"},\"system.process.cgroup.io.pressure.full.60.pct\":{\"id\":\"percent\"},\"system.process.cgroup.io.pressure.full.300.pct\":{\"id\":\"percent\"},\"system.process.cgroup.io.pressure.some.10.pct\":{\"id\":\"percent\"},\"system.process.cgroup.io.pressure.some.60.pct\":{\"id\":\"percent\"},\"system.socket.summary.tcp.memory\":{\"id\":\"bytes\"},\"system.socket.summary.udp.memory\":{\"id\":\"bytes\"},\"system.fsstat.total_size.free\":{\"id\":\"bytes\"},\"system.fsstat.total_size.used\":{\"id\":\"bytes\"},\"system.fsstat.total_size.total\":{\"id\":\"bytes\"},\"system.memory.total\":{\"id\":\"bytes\"},\"system.memory.used.bytes\":{\"id\":\"bytes\"},\"system.memory.free\":{\"id\":\"bytes\"},\"system.memory.used.pct\":{\"id\":\"percent\"},\"system.memory.actual.used.bytes\":{\"id\":\"bytes\"},\"system.memory.actual.free\":{\"id\":\"bytes\"},\"system.memory.actual.used.pct\":{\"id\":\"percent\"},\"system.memory.swap.total\":{\"id\":\"bytes\"},\"system.memory.swap.used.bytes\":{\"id\":\"bytes\"},\"system.memory.swap.free\":{\"id\":\"bytes\"},\"system.memory.swap.used.pct\":{\"id\":\"percent\"},\"system.memory.page_stats.pgscan_kswapd.pages\":{\"id\":\"number\"},\"system.memory.page_stats.pgscan_direct.pages\":{\"id\":\"number\"},\"system.memory.page_stats.pgfree.pages\":{\"id\":\"number\"},\"system.memory.page_stats.pgsteal_kswapd.pages\":{\"id\":\"number\"},\"system.memory.page_stats.pgsteal_direct.pages\":{\"id\":\"number\"},\"system.memory.page_stats.direct_efficiency.pct\":{\"id\":\"percent\"},\"system.memory.page_stats.kswapd_efficiency.pct\":{\"id\":\"percent\"},\"system.memory.hugepages.total\":{\"id\":\"number\"},\"system.memory.hugepages.used.bytes\":{\"id\":\"bytes\"},\"system.memory.hugepages.used.pct\":{\"id\":\"percent\"},\"system.memory.hugepages.free\":{\"id\":\"number\"},\"system.memory.hugepages.reserved\":{\"id\":\"number\"},\"system.memory.hugepages.surplus\":{\"id\":\"number\"},\"system.memory.hugepages.default_size\":{\"id\":\"bytes\"},\"host.network.in.bytes\":{\"id\":\"bytes\"},\"host.network.out.bytes\":{\"id\":\"bytes\"},\"system.network.out.bytes\":{\"id\":\"bytes\"},\"system.network.in.bytes\":{\"id\":\"bytes\"},\"system.uptime.duration.ms\":{\"id\":\"duration\"},\"event.sequence\":{\"id\":\"string\"},\"event.severity\":{\"id\":\"string\"}}", "fields": "[{\"name\":\"cloud.account.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.availability_zone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.instance.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.instance.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.machine.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.project.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cloud.image.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.image.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.labels\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.family\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.name.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.containerized\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_stream.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.acked\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.active\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.batches\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.dropped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.duplicates\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.failed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.toomany\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.events.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.write.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.write.errors\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.snapshot\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic_agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.user.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.value\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.system.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.time.ms\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.user.time.ms\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.system.time.ms\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.memory.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.fd.open\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.fd.limit.soft\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.fd.limit.hard\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.cfs.period.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.cfs.quota.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.cfs.shares\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.rt.period.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.rt.runtime.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.periods\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.throttled.periods\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.throttled.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.total.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.user.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.system.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.percpu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.usage.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.failures\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.usage.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.failures\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem.usage.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem.failures\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem_tcp.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem_tcp.usage.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem_tcp.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.kmem_tcp.failures\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.active_anon.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.active_file.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.cache.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.hierarchical_memory_limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.hierarchical_memsw_limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.inactive_anon.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.inactive_file.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.mapped_file.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.page_faults\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.major_page_faults\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.pages_in\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.pages_out\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.rss.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.rss_huge.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.swap.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.unevictable.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.blkio.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.blkio.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.blkio.total.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.blkio.total.ios\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.cpu.cores\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.15\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.norm.1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.norm.15\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.system.load.norm.5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.system.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.system.time.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.total.value\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.total.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.total.time.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.user.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cpu.user.time.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.info.ephemeral_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.info.uptime.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.cfs.period.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.cfs.quota.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.stats.periods\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.stats.throttled.periods\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpu.stats.throttled.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpuacct.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.cpuacct.total.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.memory.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.memory.mem.limit.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.cgroup.memory.mem.usage.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.memstats.gc_next\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.memstats.memory.alloc\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.memstats.memory.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.memstats.rss\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.handles.open\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.handles.limit.hard\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.handles.limit.soft\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.uptime.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.runtime.goroutines\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.clients\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.queue.acked\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.active\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.dropped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.failed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.filtered\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.published\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.retry\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.pipeline.events.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.config.running\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.config.starts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.config.stops\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.read.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.stats.libbeat.output.read.errors\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.dataset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.cpu.usage\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.disk.read.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.disk.write.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.egress.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.egress.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.ingress.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.ingress.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.user.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.user.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.user.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.system.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.system.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.nice.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.nice.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.idle.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.idle.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.iowait.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.iowait.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.irq.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.irq.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.softirq.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.softirq.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.steal.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.core.steal.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.read.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.write.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.read.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.write.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.read.time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.write.time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.io.time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.read.request.merges_per_sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.write.request.merges_per_sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.read.request.per_sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.write.request.per_sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.read.per_sec.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.read.await\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.write.per_sec.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.write.await\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.request.avg_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.queue.avg_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.await\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.service_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.diskio.iostat.busy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.cpu.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.cores\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.user.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.system.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.nice.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.idle.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.iowait.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.irq.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.softirq.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.steal.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.total.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.user.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.system.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.nice.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.idle.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.iowait.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.irq.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.softirq.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.steal.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.total.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.user.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.system.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.nice.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.idle.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.iowait.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.irq.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.softirq.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.cpu.steal.ticks\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.available\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.device_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.mount_point\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.files\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.free_files\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.filesystem.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.cpu.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.cpu.start_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.memory.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.digest_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.byte_order\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.cpu_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.exports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.abi_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.entrypoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.object_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.os_abi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.header.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.imports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.chi2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.entropy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.physical_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.physical_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.virtual_address\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.sections.virtual_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.segments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.segments.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.segments.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.shared_libraries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.elf.telfhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.args_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.digest_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.exists\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.signing_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.subject_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.team_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.trusted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.code_signature.valid\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.byte_order\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.cpu_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.exports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.abi_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.entrypoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.object_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.os_abi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.header.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.imports\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.chi2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.entropy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.physical_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.physical_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.virtual_address\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.sections.virtual_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.segments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.segments.sections\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.segments.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.shared_libraries\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.elf.telfhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.exit_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.sha512\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.hash.ssdeep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.parent.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.imphash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pe.product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pgid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.ppid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.thread.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.working_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.changes.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.effective.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.target.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cmdline\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.env\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.total.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cpu.start_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.memory.rss.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.memory.rss.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.memory.share\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cgroups_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.usage.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.usage.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.usage.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.user.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.user.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.user.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.system.ns\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.system.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.system.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.stats.throttled.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.some.10.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.some.60.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.some.300.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.some.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.full.10.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.full.60.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.full.300.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpu.pressure.full.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.total.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.total.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.user.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.user.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.system.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.cpuacct.stats.system.norm.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.low.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.high.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.low\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.high\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.max\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.oom\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.oom_kill\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.mem.events.fail\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.low.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.high.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.max.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.low\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.high\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.max\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.oom\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.oom_kill\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.memsw.events.fail\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.*\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.memory.stats.*.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.stats.*\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.stats.*.*\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.stats.*.*.bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.stats.*.*.ios\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.full.10.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.full.60.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.full.300.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.full.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.some.10.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.some.60.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.some.300.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.cgroup.io.pressure.some.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.as.organization.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.nat.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.nat.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.full_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.group.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.group.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.group.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.user.roles\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.all.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.all.listening\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.memory\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.orphan\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.listening\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.established\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.close_wait\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.time_wait\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.syn_sent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.syn_recv\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.fin_wait1\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.fin_wait2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.last_ack\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.tcp.all.closing\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.udp.memory\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.socket.summary.udp.all.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.total_files\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.total_size.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.total_size.used\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.fsstat.total_size.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.actual.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.actual.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.actual.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.out.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.in.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.readahead.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.readahead.cached\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.swap.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgscan_kswapd.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgscan_direct.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgfree.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgsteal_kswapd.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.pgsteal_direct.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.direct_efficiency.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.page_stats.kswapd_efficiency.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.used.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.used.pct\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.reserved\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.surplus\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.default_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.swap.out.pages\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.memory.hugepages.swap.out.fallback\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.running\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.idle\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.sleeping\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.stopped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.zombie\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.dead\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.process.summary.unknown\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.in.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.in.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.out.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.network.out.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.out.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.in.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.out.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.in.packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.in.errors\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.out.errors\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.in.dropped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.network.out.dropped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.uptime.duration.ms\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.1\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.5\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.15\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.norm.1\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.norm.5\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.norm.15\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.load.cores\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.capabilities\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"Endpoint.configuration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.configuration.isolation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.state.isolation\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"elastic.agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.ingested\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.outcome\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.Ext.variant\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.os.full.text\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":true},{\"name\":\"host.os.name.caseless\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.histogram\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.latest\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.cpu.endpoint.mean\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.metrics.disks.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.endpoint_drive\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.free\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.fstype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.mount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.disks.total\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.file_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.file_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.file_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.file_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.library_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.library_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.library_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.library_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.network_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.network_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.network_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.network_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.overall.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.overall.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.overall.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.overall.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.process_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.process_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.process_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.process_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.registry_events.sent_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.registry_events.sent_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.registry_events.suppressed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.documents_volume.registry_events.suppressed_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private.latest\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.memory.endpoint.private.mean\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.system_impact\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.metrics.threads\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.metrics.uptime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.uptime.endpoint\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.metrics.uptime.system\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.actions.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.artifacts.global\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.global.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.identifiers.sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.artifacts.user.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.endpoint_policy_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.response.configurations\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.response.configurations.antivirus_registration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.response.configurations.antivirus_registration.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.antivirus_registration.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.behavior_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.behavior_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.events\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.events.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.events.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.host_isolation.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.host_isolation.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.logging\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.logging.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.logging.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.malware\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.malware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.malware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.memory_protection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.memory_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.memory_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.ransomware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.ransomware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.streaming\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.streaming.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.configurations.streaming.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"Endpoint.policy.applied.response.diagnostic.behavior_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.behavior_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.credential_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.credential_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.malware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.malware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.memory_protection.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.memory_protection.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.memory_scan.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.memory_scan.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.ransomware.concerned_actions\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.response.diagnostic.ransomware.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"Endpoint.policy.applied.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.build.original\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]", "timeFieldName": "@timestamp", "title": "metrics-*"}, "coreMigrationVersion": "7.16.2", "id": "metrics-*", "migrationVersion": {"index-pattern": "7.11.0"}, "references": [], "sort": [1643385898421, 2830], "type": "index-pattern", "updated_at": "2022-01-28T16:04:58.421Z", "version": "WzE0NDc2LDE1XQ=="} +{"excludedObjects": [], "excludedObjectsCount": 0, "exportedCount": 823, "missingRefCount": 1, "missingReferences": [{"id": "0b963f20-6f9c-11ec-864c-8b5450f97635", "type": "tag"}]} From b7ad4e0570e3d4ba1d6662fae84c736195bb0895 Mon Sep 17 00:00:00 2001 From: weslambert Date: Wed, 15 Feb 2023 14:19:29 -0500 Subject: [PATCH 56/62] Change default data view from 'so-*' to 'logs-*' --- salt/kibana/files/config_saved_objects.ndjson | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/kibana/files/config_saved_objects.ndjson b/salt/kibana/files/config_saved_objects.ndjson index 3ac67ed27..dce56b582 100644 --- a/salt/kibana/files/config_saved_objects.ndjson +++ b/salt/kibana/files/config_saved_objects.ndjson @@ -1 +1 @@ -{"attributes": {"buildNum": 39457,"defaultIndex": "2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.6.1","id": "8.6.1","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="} +{"attributes": {"buildNum": 39457,"defaultIndex": "logs-*","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.6.1","id": "8.6.1","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="} From dcbf5a2fa607c433a6d0a6bb61ac9cbdd8ca5a6f Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 16 Feb 2023 10:55:32 -0500 Subject: [PATCH 57/62] Update VERSION --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index 7f2e97617..197c4d5c2 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4.0-kilo +2.4.0 From 79041d091ea98470edafdd47bcc454ba37eeafa2 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 16 Feb 2023 13:22:13 -0500 Subject: [PATCH 58/62] influx upgrade --- salt/common/tools/sbin/so-influxdb-manage | 1 - 1 file changed, 1 deletion(-) diff --git a/salt/common/tools/sbin/so-influxdb-manage b/salt/common/tools/sbin/so-influxdb-manage index 907e0342c..b22d63bb6 100644 --- a/salt/common/tools/sbin/so-influxdb-manage +++ b/salt/common/tools/sbin/so-influxdb-manage @@ -128,7 +128,6 @@ lookup_org_id_with_wait() { wait=10 while [[ $attempts -lt $max_attempts ]]; do response=$(request orgs?org=Security+Onion) - check_response "$response" oid=$(echo "$response" | jq -r ".orgs[] | select(.name == \"Security Onion\").id") if [[ -z $oid ]]; then attempts=$((attempts+1)) From 59b1af15dbfe0265dae8b182185a95232bce3c01 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 16 Feb 2023 13:49:19 -0500 Subject: [PATCH 59/62] correct top order for import --- salt/top.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/top.sls b/salt/top.sls index 5745b02db..3c4401478 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -318,9 +318,9 @@ base: - sensoroni - manager - nginx - - soc - - influxdb - telegraf + - influxdb + - soc - kratos - firewall - idstools From dfa5503e4179b69c4f1d6d13abdfae09fe38f0f4 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Fri, 17 Feb 2023 07:06:36 -0500 Subject: [PATCH 60/62] UPGRADE: Elastic 8.6.2 #9804 --- salt/kibana/files/config_saved_objects.ndjson | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/kibana/files/config_saved_objects.ndjson b/salt/kibana/files/config_saved_objects.ndjson index dce56b582..cc25b61e4 100644 --- a/salt/kibana/files/config_saved_objects.ndjson +++ b/salt/kibana/files/config_saved_objects.ndjson @@ -1 +1 @@ -{"attributes": {"buildNum": 39457,"defaultIndex": "logs-*","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.6.1","id": "8.6.1","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="} +{"attributes": {"buildNum": 39457,"defaultIndex": "logs-*","defaultRoute": "/app/dashboards#/view/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize": 100,"theme:darkMode": true,"timepicker:timeDefaults": "{\n \"from\": \"now-24h\",\n \"to\": \"now\"\n}"},"coreMigrationVersion": "8.6.2","id": "8.6.2","migrationVersion": {"config": "7.13.0"},"references": [],"type": "config","updated_at": "2021-10-10T10:10:10.105Z","version": "WzI5NzUsMl0="} From ef3abe158c5952adcb2581ca627ca712e87d6044 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Fri, 17 Feb 2023 07:07:20 -0500 Subject: [PATCH 61/62] UPGRADE: Elastic 8.6.2 #9804 --- salt/kibana/bin/so-kibana-config-load | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/kibana/bin/so-kibana-config-load b/salt/kibana/bin/so-kibana-config-load index 2a4e85b9d..63ad170f2 100644 --- a/salt/kibana/bin/so-kibana-config-load +++ b/salt/kibana/bin/so-kibana-config-load @@ -63,7 +63,7 @@ update() { IFS=$'\r\n' GLOBIGNORE='*' command eval 'LINES=($(cat $1))' for i in "${LINES[@]}"; do - RESPONSE=$(curl -K /opt/so/conf/elasticsearch/curl.config -X PUT "localhost:5601/api/saved_objects/config/8.6.1" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ") + RESPONSE=$(curl -K /opt/so/conf/elasticsearch/curl.config -X PUT "localhost:5601/api/saved_objects/config/8.6.2" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d " $i ") echo $RESPONSE; if [[ "$RESPONSE" != *"\"success\":true"* ]] && [[ "$RESPONSE" != *"updated_at"* ]] ; then RETURN_CODE=1;fi done From b62cc32b1a4a80356f46621084cb0e0892967617 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Tue, 21 Feb 2023 11:52:37 -0500 Subject: [PATCH 62/62] Initial support for IDH --- salt/allowed_states.map.jinja | 1 - salt/common/tools/sbin/so-firewall-minion | 2 +- salt/common/tools/sbin/so-minion | 16 ++++- salt/docker/defaults.yaml | 2 + salt/firewall/assigned_hostgroups.map.yaml | 8 ++- salt/firewall/containers.map.jinja | 84 ++++++++++++++++++++++ salt/firewall/map.jinja | 7 ++ salt/idh/opencanary_config.map.jinja | 22 ++++-- salt/top.sls | 3 - salt/vars/idh.map.jinja | 1 + setup/so-functions | 29 ++++++++ setup/so-setup | 4 +- setup/so-whiptail | 52 ++++++++++++++ 13 files changed, 216 insertions(+), 15 deletions(-) create mode 100644 salt/vars/idh.map.jinja diff --git a/salt/allowed_states.map.jinja b/salt/allowed_states.map.jinja index 42ec3604a..446892ba4 100644 --- a/salt/allowed_states.map.jinja +++ b/salt/allowed_states.map.jinja @@ -81,7 +81,6 @@ 'ssl', 'telegraf', 'firewall', - 'filebeat', 'idh', 'schedule', 'docker_clean' diff --git a/salt/common/tools/sbin/so-firewall-minion b/salt/common/tools/sbin/so-firewall-minion index acedcffeb..e796035f9 100755 --- a/salt/common/tools/sbin/so-firewall-minion +++ b/salt/common/tools/sbin/so-firewall-minion @@ -69,7 +69,7 @@ fi so-firewall --apply --role=heavynodes --ip="$IP" ;; 'IDH') - so-firewall --apply --role=beats_endpoint_ssl --ip="$IP" + so-firewall --apply --role=sensors --ip="$IP" ;; 'RECEIVER') so-firewall --apply --role=receivers --ip="$IP" diff --git a/salt/common/tools/sbin/so-minion b/salt/common/tools/sbin/so-minion index a51a31ed4..03f26c556 100755 --- a/salt/common/tools/sbin/so-minion +++ b/salt/common/tools/sbin/so-minion @@ -119,6 +119,18 @@ function add_elastic_to_minion() { " " >> $PILLARFILE } +# Add IDH Services info to the minion file +function add_idh_to_minion() { + printf '%s\n'\ + "idh:"\ + " restrict_management_ip: $IDH_MGTRESTRICT"\ + " services:" >> "$PILLARFILE" + IFS=',' read -ra IDH_SERVICES_ARRAY <<< "$IDH_SERVICES" + for service in ${IDH_SERVICES_ARRAY[@]}; do + echo " - $service" | tr '[:upper:]' '[:lower:]' | tr -d '"' >> "$PILLARFILE" + done +} + function add_logstash_to_minion() { # Create the logstash advanced pillar printf '%s\n'\ @@ -183,8 +195,8 @@ function createEVAL() { add_sensor_to_minion } -function createIDHNODE() { - echo "Nothing custom needed for IDH nodes" +function createIDH() { + add_idh_to_minion } function createIMPORT() { diff --git a/salt/docker/defaults.yaml b/salt/docker/defaults.yaml index 6886703db..30b2c78e1 100644 --- a/salt/docker/defaults.yaml +++ b/salt/docker/defaults.yaml @@ -102,3 +102,5 @@ docker: final_octet: 44 port_bindings: - 0.0.0.0:8080:8080/tcp + 'so-idh': + final_octet: 45 diff --git a/salt/firewall/assigned_hostgroups.map.yaml b/salt/firewall/assigned_hostgroups.map.yaml index 25dbba1b0..4253d9bc2 100644 --- a/salt/firewall/assigned_hostgroups.map.yaml +++ b/salt/firewall/assigned_hostgroups.map.yaml @@ -2,6 +2,7 @@ {% import_yaml 'firewall/ports/ports.yaml' as portgroups %} {% set portgroups = portgroups.firewall.ports %} {% set TRUE_CLUSTER = salt['pillar.get']('elasticsearch:true_cluster', True) %} +{% from 'idh/opencanary_config.map.jinja' import IDH_PORTGROUPS %} role: eval: @@ -573,7 +574,7 @@ role: portgroups: {% set idh_services = salt['pillar.get']('idh:services', []) %} {% for service in idh_services %} - - {{ portgroups['idh_'~service] }} + - {{ IDH_PORTGROUPS['idh_'~service] }} {% endfor %} dockernet: portgroups: @@ -583,4 +584,7 @@ role: - {{ portgroups.all }} manager: portgroups: - - {{ portgroups.ssh }} + - {{ IDH_PORTGROUPS.openssh }} + standalone: + portgroups: + - {{ IDH_PORTGROUPS.openssh }} diff --git a/salt/firewall/containers.map.jinja b/salt/firewall/containers.map.jinja index 702f2ff63..70a676e89 100644 --- a/salt/firewall/containers.map.jinja +++ b/salt/firewall/containers.map.jinja @@ -1,3 +1,31 @@ +{% from 'vars/globals.map.jinja' import GLOBALS %} + +{% if GLOBALS.role == 'so-eval' %} +{% set NODE_CONTAINERS = [ + 'so-curator', + 'so-dockerregistry', + 'so-elasticsearch', + 'so-elastic-fleet', + 'so-elastic-fleet-package-registry', + 'so-grafana', + 'so-influxdb', + 'so-kibana', + 'so-kratos', + 'so-mysql', + 'so-nginx', + 'so-redis', + 'so-soc', + 'so-soctopus', + 'so-strelka-coordinator', + 'so-strelka-gatekeeper', + 'so-strelka-frontend', + 'so-strelka-backend', + 'so-strelka-manager', + 'so-strelka-filestream' +] %} +{% endif %} + +{% if GLOBALS.role == 'so-manager' or GLOBALS.role == 'so-standalone' or GLOBALS.role == 'so-managersearch' %} {% set NODE_CONTAINERS = [ 'so-curator', 'so-dockerregistry', @@ -21,3 +49,59 @@ 'so-strelka-manager', 'so-strelka-filestream' ] %} +{% endif %} + +{% if GLOBALS.role == 'so-searchnode' %} +{% set NODE_CONTAINERS = [ + 'so-elasticsearch', + 'so-filebeat', + 'so-logstash', + 'so-nginx' +] %} +{% endif %} + +{% if GLOBALS.role == 'so-heavynode' %} +{% set NODE_CONTAINERS = [ + 'so-curator', + 'so-elasticsearch', + 'so-filebeat', + 'so-logstash', + 'so-nginx', + 'so-redis', + 'so-strelka-coordinator', + 'so-strelka-gatekeeper', + 'so-strelka-frontend', + 'so-strelka-backend', + 'so-strelka-manager', + 'so-strelka-filestream' +] %} +{% endif %} + +{% if GLOBALS.role == 'so-import' %} +{% set NODE_CONTAINERS = [ + 'so-dockerregistry', + 'so-elasticsearch', + 'so-elastic-fleet', + 'so-elastic-fleet-package-registry', + 'so-filebeat', + 'so-influxdb', + 'so-kibana', + 'so-kratos', + 'so-nginx', + 'so-soc' +] %} +{% endif %} + +{% if GLOBALS.role == 'so-receiver' %} +{% set NODE_CONTAINERS = [ + 'so-filebeat', + 'so-logstash', + 'so-redis', +] %} +{% endif %} + +{% if GLOBALS.role == 'so-idh' %} +{% set NODE_CONTAINERS = [ + 'so-idh', +] %} +{% endif %} diff --git a/salt/firewall/map.jinja b/salt/firewall/map.jinja index ea2d1b4e8..06586ddf2 100644 --- a/salt/firewall/map.jinja +++ b/salt/firewall/map.jinja @@ -1,3 +1,4 @@ +{% from 'vars/globals.map.jinja' import GLOBALS %} {% set role = grains.id.split('_') | last %} {% set translated_pillar_assigned_hostgroups = {} %} @@ -9,9 +10,15 @@ {% else %} {% set local_portgroups = {} %} {% endif %} + {% set portgroups = salt['defaults.merge'](default_portgroups, local_portgroups, in_place=False) %} {% set defined_portgroups = portgroups %} +{% if GLOBALS.role == 'so-idh' %} +{% from 'idh/opencanary_config.map.jinja' import IDH_PORTGROUPS %} +{% do salt['defaults.merge'](defined_portgroups, IDH_PORTGROUPS, in_place=True) %} +{% endif %} + {% set local_hostgroups = {'firewall': {'hostgroups': {}}} %} {% set hostgroup_list = salt['cp.list_master'](prefix='firewall/hostgroups') %} diff --git a/salt/idh/opencanary_config.map.jinja b/salt/idh/opencanary_config.map.jinja index c4533682d..cb601c163 100644 --- a/salt/idh/opencanary_config.map.jinja +++ b/salt/idh/opencanary_config.map.jinja @@ -1,11 +1,25 @@ {% set idh_services = salt['pillar.get']('idh:services', []) %} -{% import_yaml "idh/defaults/defaults.yaml" as OPENCANARYCONFIG with context %} +{% set IDH_PORTGROUPS = {} %} + +{% import_yaml "idh/defaults/defaults.yaml" as IDHCONFIG with context %} {% for service in idh_services %} {% import_yaml "idh/defaults/" ~ service ~ ".defaults.yaml" as SERVICECONFIG with context %} - {% do salt['defaults.merge'](OPENCANARYCONFIG, SERVICECONFIG, in_place=True) %} + {% do salt['defaults.merge'](IDHCONFIG, SERVICECONFIG, in_place=True) %} {% endfor %} -{% set OPENCANARYCONFIG = salt['pillar.get']('idh:opencanary:config', default=OPENCANARYCONFIG.idh.opencanary.config, merge=True) %} -{% do OPENCANARYCONFIG.idh.opencanary.config.update({'device.node_id': grains.host}) %} +{% set OPENCANARYCONFIG = salt['pillar.get']('idh:opencanary:config', default=IDHCONFIG.idh.opencanary.config, merge=True) %} +{% set OPENSSH = salt['pillar.get']('idh:openssh', default=IDHCONFIG.idh.openssh, merge=True) %} +{% for service in idh_services %} + {% if service in ["smnp","ntp", "tftp"] %} + {% set proto = 'udp' %} + {% else %} + {% set proto = 'tcp' %} + {% endif %} + {% do IDH_PORTGROUPS.update({'idh_' ~ service: {proto: [OPENCANARYCONFIG[service ~ '.port']]}}) %} +{% endfor %} + +{% do IDH_PORTGROUPS.update({'openssh': {'tcp': [OPENSSH.config.port]}}) %} + +{% do OPENCANARYCONFIG.update({'device.node_id': grains.host}) %} diff --git a/salt/top.sls b/salt/top.sls index 3c4401478..529bdd2a4 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -368,9 +368,6 @@ base: - firewall - schedule - docker_clean - {%- if FILEBEAT %} - - filebeat - {%- endif %} - idh 'J@workstation:gui:enabled:^[Tt][Rr][Uu][Ee]$ and ( G@saltversion:{{saltversion}} and G@os:CentOS )': diff --git a/salt/vars/idh.map.jinja b/salt/vars/idh.map.jinja new file mode 100644 index 000000000..396cefcc9 --- /dev/null +++ b/salt/vars/idh.map.jinja @@ -0,0 +1 @@ +{% set ROLE_GLOBALS = {} %} \ No newline at end of file diff --git a/setup/so-functions b/setup/so-functions index 34bbe0610..8139b60a1 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -339,6 +339,33 @@ collect_hostname_validate() { done } +collect_idh_preferences() { + IDH_MGTRESTRICT='False' + whiptail_idh_preferences + + if [[ "$idh_preferences" != "" ]]; then IDH_MGTRESTRICT='True'; fi +} + +collect_idh_services() { + whiptail_idh_services + + case "$IDH_SERVICES" in + 'Linux Webserver (NAS Skin)') + IDH_SERVICES='"HTTP","FTP","SSH"' + ;; + 'MySQL Server') + IDH_SERVICES='"MYSQL","SSH"' + ;; + 'MSSQL Server') + IDH_SERVICES='"MSSQL","VNC' + ;; + 'Custom') + whiptail_idh_services_custom + IDH_SERVICES=$(echo "$IDH_SERVICES" | tr '[:blank:]' ',' ) + ;; + esac +} + collect_int_ip_mask() { whiptail_management_interface_ip_mask @@ -1875,6 +1902,8 @@ drop_install_options() { echo "LSHOSTNAME=$HOSTNAME" >> /opt/so/install.txt echo "LSHEAP=$LS_HEAP_SIZE" >> /opt/so/install.txt echo "CPUCORES=$num_cpu_cores" >> /opt/so/install.txt + echo "IDH_MGTRESTRICT=$IDH_MGTRESTRICT" >> /opt/so/install.txt + echo "IDH_SERVICES=$IDH_SERVICES" >> /opt/so/install.txt } remove_package() { diff --git a/setup/so-setup b/setup/so-setup index 9ecbed08c..a1b672918 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -453,6 +453,8 @@ if ! [[ -f $install_opt_file ]]; then collect_mngr_hostname add_mngr_ip_to_hosts check_manager_connection + collect_idh_services + collect_idh_preferences set_minion_info whiptail_end_settings @@ -538,8 +540,6 @@ if ! [[ -f $install_opt_file ]]; then export NODETYPE=$install_type export MINION_ID=$MINION_ID export ES_HEAP_SIZE=$ES_HEAP_SIZE - export IDHMGTRESTRICT=$IDHMGTRESTRICT - export idh_services=$idh_services export MNIC=$MNIC export NODE_DESCRIPTION=$NODE_DESCRIPTION export MAINIP=$MAINIP diff --git a/setup/so-whiptail b/setup/so-whiptail index 715baa375..6123ea97d 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -466,6 +466,58 @@ whiptail_gauge_post_setup() { fi } + whiptail_idh_preferences() { + + [ -n "$TESTING" ] && return + + idh_preferences=$(whiptail --title "$whiptail_title" --radiolist \ + "\nBy default, the IDH services selected in the previous screen will be bound to all interfaces and IP addresses on this system.\n\nIf you would like to prevent IDH services from being published on this system's management IP, you can select the option below." 20 75 5 \ + "$MAINIP" "Disable IDH services on this management IP " OFF 3>&1 1>&2 2>&3 ) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + +whiptail_idh_services() { + + [ -n "$TESTING" ] && return + + IDH_SERVICES=$(whiptail --title "$whiptail_title" --radiolist \ + "\nThe IDH node can mimic many different services.\n\nChoose one of the common options along with their default ports (TCP) or select the Custom option to build a customized set of services." 20 75 5 \ + "Linux Webserver (NAS Skin)" "Apache (80), FTP (21), SSH (22)" ON \ + "MySQL Server" "MySQL (3306), SSH (22)" OFF \ + "MSSQL Server" "Microsoft SQL (1433), VNC (5900)" OFF \ + "Custom" "Select a custom set of services" OFF 3>&1 1>&2 2>&3 ) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + + +whiptail_idh_services_custom() { + + [ -n "$TESTING" ] && return + + IDH_SERVICES=$(whiptail --title "$whiptail_title" --checklist \ + "\nThe IDH node can mimic many different services.\n\nChoose one or more of the following services along with their default ports. Some services have additional configuration options, please consult the documentation for further information." 25 75 8 \ + "FTP" " TCP/21, Additional Configuration Available " OFF \ + "Git" " TCP/9418 " OFF \ + "HTTP" " TCP/80, Additional Configuration Available " OFF \ + "HTTPPROXY" " TCP/8080, Additional Configuration Available " OFF \ + "MSSQL" " TCP/1433 " OFF \ + "MySQL" " TCP/3306, Additional Configuration Available " OFF \ + "NTP" " UDP/123 " OFF \ + "REDIS" " TCP/6379 " OFF \ + "SNMP" " UDP/161 " OFF \ + "SSH" " TCP/22, Additional Configuration Available " OFF \ + "TELNET" " TCP/23, Additional Configuration Available " OFF \ + "TFTP" " UDP/69 " OFF \ + "VNC" " TCP/5900 " OFF 3>&1 1>&2 2>&3 ) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus +} + whiptail_install_type() { [ -n "$TESTING" ] && return