diff --git a/utils/kibana-kippo.conf b/utils/kibana-kippo.conf
new file mode 100644
index 0000000..822b487
--- /dev/null
+++ b/utils/kibana-kippo.conf
@@ -0,0 +1,3042 @@ + + + + + +
| + | { | +
| + | "title": "Kippo2ElasticSearch", | +
| + | "services": { | +
| + | "query": { | +
| + | "list": { | +
| + | "0": { | +
| + | "query": "*", | +
| + | "alias": "", | +
| + | "color": "#7EB26D", | +
| + | "id": 0, | +
| + | "pin": false, | +
| + | "type": "lucene", | +
| + | "enable": true | +
| + | } | +
| + | }, | +
| + | "ids": [ | +
| + | 0 | +
| + | ] | +
| + | }, | +
| + | "filter": { | +
| + | "list": {}, | +
| + | "ids": [] | +
| + | } | +
| + | }, | +
| + | "rows": [ | +
| + | { | +
| + | "title": "Graph", | +
| + | "height": "250px", | +
| + | "editable": true, | +
| + | "collapse": false, | +
| + | "collapsable": true, | +
| + | "panels": [ | +
| + | { | +
| + | "error": false, | +
| + | "span": 3, | +
| + | "editable": true, | +
| + | "group": [ | +
| + | "default" | +
| + | ], | +
| + | "type": "terms", | +
| + | "queries": { | +
| + | "mode": "all", | +
| + | "ids": [ | +
| + | 0 | +
| + | ] | +
| + | }, | +
| + | "field": "_type", | +
| + | "exclude": [], | +
| + | "missing": true, | +
| + | "other": true, | +
| + | "size": 10, | +
| + | "order": "count", | +
| + | "style": { | +
| + | "font-size": "10pt" | +
| + | }, | +
| + | "donut": false, | +
| + | "tilt": false, | +
| + | "labels": true, | +
| + | "arrangement": "horizontal", | +
| + | "chart": "table", | +
| + | "counter_pos": "above", | +
| + | "spyable": true, | +
| + | "title": "Document Types", | +
| + | "tmode": "terms", | +
| + | "tstat": "total", | +
| + | "valuefield": "" | +
| + | }, | +
| + | { | +
| + | "error": false, | +
| + | "span": 3, | +
| + | "editable": true, | +
| + | "type": "terms", | +
| + | "loadingEditor": false, | +
| + | "field": "success", | +
| + | "exclude": [], | +
| + | "missing": true, | +
| + | "other": true, | +
| + | "size": 5, | +
| + | "order": "count", | +
| + | "style": { | +
| + | "font-size": "10pt" | +
| + | }, | +
| + | "donut": false, | +
| + | "tilt": false, | +
| + | "labels": true, | +
| + | "arrangement": "horizontal", | +
| + | "chart": "table", | +
| + | "counter_pos": "above", | +
| + | "spyable": true, | +
| + | "queries": { | +
| + | "mode": "all", | +
| + | "ids": [ | +
| + | 0 | +
| + | ] | +
| + | }, | +
| + | "tmode": "terms", | +
| + | "tstat": "total", | +
| + | "valuefield": "", | +
| + | "title": "Successes" | +
| + | }, | +
| + | { | +
| + | "error": false, | +
| + | "span": 3, | +
| + | "editable": true, | +
| + | "type": "terms", | +
| + | "loadingEditor": false, | +
| + | "field": "sensor", | +
| + | "exclude": [], | +
| + | "missing": false, | +
| + | "other": false, | +
| + | "size": 5, | +
| + | "order": "count", | +
| + | "style": { | +
| + | "font-size": "10pt" | +
| + | }, | +
| + | "donut": false, | +
| + | "tilt": false, | +
| + | "labels": true, | +
| + | "arrangement": "horizontal", | +
| + | "chart": "table", | +
| + | "counter_pos": "above", | +
| + | "spyable": true, | +
| + | "queries": { | +
| + | "mode": "all", | +
| + | "ids": [ | +
| + | 0 | +
| + | ] | +
| + | }, | +
| + | "tmode": "terms", | +
| + | "tstat": "total", | +
| + | "valuefield": "", | +
| + | "title": "Sensors" | +
| + | } | +
| + | ], | +
| + | "notice": false | +
| + | }, | +
| + | { | +
| + | "title": "Histogram", | +
| + | "height": "300px", | +
| + | "editable": true, | +
| + | "collapse": false, | +
| + | "collapsable": true, | +
| + | "panels": [ | +
| + | { | +
| + | "span": 12, | +
| + | "editable": true, | +
| + | "type": "histogram", | +
| + | "loadingEditor": false, | +
| + | "mode": "count", | +
| + | "time_field": "timestamp", | +
| + | "value_field": null, | +
| + | "x-axis": true, | +
| + | "y-axis": true, | +
| + | "scale": 1, | +
| + | "y_format": "none", | +
| + | "grid": { | +
| + | "max": null, | +
| + | "min": 0 | +
| + | }, | +
| + | "queries": { | +
| + | "mode": "all", | +
| + | "ids": [ | +
| + | 0 | +
| + | ] | +
| + | }, | +
| + | "annotate": { | +
| + | "enable": false, | +
| + | "query": "*", | +
| + | "size": 20, | +
| + | "field": "_type", | +
| + | "sort": [ | +
| + | "_score", | +
| + | "desc" | +
| + | ] | +
| + | }, | +
| + | "auto_int": false, | +
| + | "resolution": 100, | +
| + | "interval": "1d", | +
| + | "intervals": [ | +
| + | "auto", | +
| + | "1s", | +
| + | "1m", | +
| + | "5m", | +
| + | "10m", | +
| + | "30m", | +
| + | "1h", | +
| + | "3h", | +
| + | "12h", | +
| + | "1d", | +
| + | "1w", | +
| + | "1y" | +
| + | ], | +
| + | "lines": true, | +
| + | "fill": 0, | +
| + | "linewidth": 3, | +
| + | "points": false, | +
| + | "pointradius": 5, | +
| + | "bars": false, | +
| + | "stack": true, | +
| + | "spyable": true, | +
| + | "zoomlinks": true, | +
| + | "options": true, | +
| + | "legend": true, | +
| + | "show_query": true, | +
| + | "interactive": true, | +
| + | "legend_counts": true, | +
| + | "timezone": "browser", | +
| + | "percentage": false, | +
| + | "zerofill": true, | +
| + | "derivative": false, | +
| + | "tooltip": { | +
| + | "value_type": "cumulative", | +
| + | "query_as_alias": true | +
| + | }, | +
| + | "title": "Histogram", | +
| + | "scaleSeconds": false | +
| + | } | +
| + | ], | +
| + | "notice": false | +
| + | }, | +
| + | { | +
| + | "title": "Usernames", | +
| + | "height": "300px", | +
| + | "editable": true, | +
| + | "collapse": false, | +
| + | "collapsable": true, | +
| + | "panels": [ | +
| + | { | +
| + | "error": false, | +
| + | "span": 6, | +
| + | "editable": true, | +
| + | "type": "terms", | +
| + | "loadingEditor": false, | +
| + | "field": "username", | +
| + | "exclude": [], | +
| + | "missing": false, | +
| + | "other": false, | +
| + | "size": 20, | +
| + | "order": "count", | +
| + | "style": { | +
| + | "font-size": "10pt" | +
| + | }, | +
| + | "donut": false, | +
| + | "tilt": false, | +
| + | "labels": true, | +
| + | "arrangement": "horizontal", | +
| + | "chart": "bar", | +
| + | "counter_pos": "above", | +
| + | "spyable": true, | +
| + | "queries": { | +
| + | "mode": "all", | +
| + | "ids": [ | +
| + | 0 | +
| + | ] | +
| + | }, | +
| + | "tmode": "terms", | +
| + | "tstat": "total", | +
| + | "valuefield": "", | +
| + | "title": "Usernames (top 20)" | +
| + | }, | +
| + | { | +
| + | "error": false, | +
| + | "span": 6, | +
| + | "editable": true, | +
| + | "type": "terms", | +
| + | "loadingEditor": false, | +
| + | "field": "username", | +
| + | "exclude": [], | +
| + | "missing": false, | +
| + | "other": false, | +
| + | "size": 20, | +
| + | "order": "count", | +
| + | "style": { | +
| + | "font-size": "10pt" | +
| + | }, | +
| + | "donut": false, | +
| + | "tilt": false, | +
| + | "labels": true, | +
| + | "arrangement": "horizontal", | +
| + | "chart": "pie", | +
| + | "counter_pos": "above", | +
| + | "spyable": true, | +
| + | "queries": { | +
| + | "mode": "all", | +
| + | "ids": [ | +
| + | 0 | +
| + | ] | +
| + | }, | +
| + | "tmode": "terms", | +
| + | "tstat": "total", | +
| + | "valuefield": "", | +
| + | "title": "Usernames (top 20)" | +
| + | } | +
| + | ], | +
| + | "notice": false | +
| + | }, | +
| + | { | +
| + | "title": "Passwords", | +
| + | "height": "300px", | +
| + | "editable": true, | +
| + | "collapse": false, | +
| + | "collapsable": true, | +
| + | "panels": [ | +
| + | { | +
| + | "error": false, | +
| + | "span": 6, | +
| + | "editable": true, | +
| + | "type": "terms", | +
| + | "loadingEditor": false, | +
| + | "field": "password", | +
| + | "exclude": [], | +
| + | "missing": false, | +
| + | "other": false, | +
| + | "size": 20, | +
| + | "order": "count", | +
| + | "style": { | +
| + | "font-size": "10pt" | +
| + | }, | +
| + | "donut": false, | +
| + | "tilt": false, | +
| + | "labels": true, | +
| + | "arrangement": "horizontal", | +
| + | "chart": "bar", | +
| + | "counter_pos": "above", | +
| + | "spyable": true, | +
| + | "queries": { | +
| + | "mode": "all", | +
| + | "ids": [ | +
| + | 0 | +
| + | ] | +
| + | }, | +
| + | "tmode": "terms", | +
| + | "tstat": "total", | +
| + | "valuefield": "", | +
| + | "title": "Passwords (top 20)" | +
| + | }, | +
| + | { | +
| + | "error": false, | +
| + | "span": 6, | +
| + | "editable": true, | +
| + | "type": "terms", | +
| + | "loadingEditor": false, | +
| + | "field": "password", | +
| + | "exclude": [], | +
| + | "missing": false, | +
| + | "other": false, | +
| + | "size": 20, | +
| + | "order": "count", | +
| + | "style": { | +
| + | "font-size": "10pt" | +
| + | }, | +
| + | "donut": false, | +
| + | "tilt": false, | +
| + | "labels": true, | +
| + | "arrangement": "horizontal", | +
| + | "chart": "pie", | +
| + | "counter_pos": "above", | +
| + | "spyable": true, | +
| + | "queries": { | +
| + | "mode": "all", | +
| + | "ids": [ | +
| + | 0 | +
| + | ] | +
| + | }, | +
| + | "tmode": "terms", | +
| + | "tstat": "total", | +
| + | "valuefield": "", | +
| + | "title": "Passwords (top 20)" | +
| + | } | +
| + | ], | +
| + | "notice": false | +
| + | }, | +
| + | { | +
| + | "title": "Clients", | +
| + | "height": "300px", | +
| + | "editable": true, | +
| + | "collapse": false, | +
| + | "collapsable": true, | +
| + | "panels": [ | +
| + | { | +
| + | "error": false, | +
| + | "span": 6, | +
| + | "editable": true, | +
| + | "type": "terms", | +
| + | "loadingEditor": false, | +
| + | "field": "client", | +
| + | "exclude": [], | +
| + | "missing": false, | +
| + | "other": false, | +
| + | "size": 20, | +
| + | "order": "count", | +
| + | "style": { | +
| + | "font-size": "10pt" | +
| + | }, | +
| + | "donut": false, | +
| + | "tilt": false, | +
| + | "labels": true, | +
| + | "arrangement": "horizontal", | +
| + | "chart": "bar", | +
| + | "counter_pos": "above", | +
| + | "spyable": true, | +
| + | "queries": { | +
| + | "mode": "all", | +
| + | "ids": [ | +
| + | 0 | +
| + | ] | +
| + | }, | +
| + | "tmode": "terms", | +
| + | "tstat": "total", | +
| + | "valuefield": "", | +
| + | "title": "SSH clients (top 20)" | +
| + | }, | +
| + | { | +
| + | "error": false, | +
| + | "span": 6, | +
| + | "editable": true, | +
| + | "type": "terms", | +
| + | "loadingEditor": false, | +
| + | "field": "client", | +
| + | "exclude": [], | +
| + | "missing": false, | +
| + | "other": false, | +
| + | "size": 20, | +
| + | "order": "count", | +
| + | "style": { | +
| + | "font-size": "10pt" | +
| + | }, | +
| + | "donut": false, | +
| + | "tilt": false, | +
| + | "labels": true, | +
| + | "arrangement": "horizontal", | +
| + | "chart": "pie", | +
| + | "counter_pos": "above", | +
| + | "spyable": true, | +
| + | "queries": { | +
| + | "mode": "all", | +
| + | "ids": [ | +
| + | 0 | +
| + | ] | +
| + | }, | +
| + | "tmode": "terms", | +
| + | "tstat": "total", | +
| + | "valuefield": "", | +
| + | "title": "SSH clients (top 20)" | +
| + | } | +
| + | ], | +
| + | "notice": false | +
| + | }, | +
| + | { | +
| + | "title": "Maps", | +
| + | "height": "450px", | +
| + | "editable": true, | +
| + | "collapse": false, | +
| + | "collapsable": true, | +
| + | "panels": [ | +
| + | { | +
| + | "error": false, | +
| + | "span": 8, | +
| + | "editable": true, | +
| + | "type": "map", | +
| + | "loadingEditor": false, | +
| + | "map": "world", | +
| + | "colors": [ | +
| + | "#A0E2E2", | +
| + | "#265656" | +
| + | ], | +
| + | "size": 100, | +
| + | "exclude": [], | +
| + | "spyable": true, | +
| + | "queries": { | +
| + | "mode": "all", | +
| + | "ids": [ | +
| + | 0 | +
| + | ] | +
| + | }, | +
| + | "title": "Attack map (world)", | +
| + | "field": "country_code2" | +
| + | }, | +
| + | { | +
| + | "error": false, | +
| + | "span": 4, | +
| + | "editable": true, | +
| + | "type": "map", | +
| + | "loadingEditor": false, | +
| + | "map": "europe", | +
| + | "colors": [ | +
| + | "#A0E2E2", | +
| + | "#265656" | +
| + | ], | +
| + | "size": 100, | +
| + | "exclude": [], | +
| + | "spyable": true, | +
| + | "queries": { | +
| + | "mode": "all", | +
| + | "ids": [ | +
| + | 0 | +
| + | ] | +
| + | }, | +
| + | "title": "Attack map (Europe)", | +
| + | "field": "country_code2" | +
| + | } | +
| + | ], | +
| + | "notice": false | +
| + | }, | +
| + | { | +
| + | "title": "Events", | +
| + | "height": "650px", | +
| + | "editable": true, | +
| + | "collapse": false, | +
| + | "collapsable": true, | +
| + | "panels": [ | +
| + | { | +
| + | "error": false, | +
| + | "span": 12, | +
| + | "editable": true, | +
| + | "group": [ | +
| + | "default" | +
| + | ], | +
| + | "type": "table", | +
| + | "size": 100, | +
| + | "pages": 5, | +
| + | "offset": 0, | +
| + | "sort": [ | +
| + | "_score", | +
| + | "desc" | +
| + | ], | +
| + | "style": { | +
| + | "font-size": "9pt" | +
| + | }, | +
| + | "overflow": "min-height", | +
| + | "fields": [], | +
| + | "highlight": [], | +
| + | "sortable": true, | +
| + | "header": true, | +
| + | "paging": true, | +
| + | "spyable": true, | +
| + | "queries": { | +
| + | "mode": "all", | +
| + | "ids": [ | +
| + | 0 | +
| + | ] | +
| + | }, | +
| + | "field_list": true, | +
| + | "status": "Stable", | +
| + | "trimFactor": 300, | +
| + | "normTimes": true, | +
| + | "title": "Documents", | +
| + | "all_fields": false, | +
| + | "localTime": false, | +
| + | "timeField": "@timestamp" | +
| + | } | +
| + | ], | +
| + | "notice": false | +
| + | } | +
| + | ], | +
| + | "editable": true, | +
| + | "index": { | +
| + | "interval": "none", | +
| + | "pattern": "[logstash-]YYYY.MM.DD", | +
| + | "default": "_all", | +
| + | "warm_fields": false | +
| + | }, | +
| + | "style": "dark", | +
| + | "failover": false, | +
| + | "panel_hints": true, | +
| + | "loader": { | +
| + | "save_gist": false, | +
| + | "save_elasticsearch": true, | +
| + | "save_local": true, | +
| + | "save_default": true, | +
| + | "save_temp": true, | +
| + | "save_temp_ttl_enable": true, | +
| + | "save_temp_ttl": "30d", | +
| + | "load_gist": true, | +
| + | "load_elasticsearch": true, | +
| + | "load_elasticsearch_size": 20, | +
| + | "load_local": true, | +
| + | "hide": false | +
| + | }, | +
| + | "pulldowns": [ | +
| + | { | +
| + | "type": "query", | +
| + | "collapse": false, | +
| + | "notice": false, | +
| + | "query": "*", | +
| + | "pinned": true, | +
| + | "history": [], | +
| + | "remember": 10, | +
| + | "enable": true | +
| + | }, | +
| + | { | +
| + | "type": "filtering", | +
| + | "collapse": false, | +
| + | "notice": true, | +
| + | "enable": true | +
| + | } | +
| + | ], | +
| + | "nav": [ | +
| + | { | +
| + | "type": "timepicker", | +
| + | "collapse": false, | +
| + | "notice": false, | +
| + | "status": "Stable", | +
| + | "time_options": [ | +
| + | "5m", | +
| + | "15m", | +
| + | "1h", | +
| + | "6h", | +
| + | "12h", | +
| + | "24h", | +
| + | "2d", | +
| + | "7d", | +
| + | "30d" | +
| + | ], | +
| + | "refresh_intervals": [ | +
| + | "5s", | +
| + | "10s", | +
| + | "30s", | +
| + | "1m", | +
| + | "5m", | +
| + | "15m", | +
| + | "30m", | +
| + | "1h", | +
| + | "2h", | +
| + | "1d" | +
| + | ], | +
| + | "timefield": "timestamp", | +
| + | "enable": true | +
| + | } | +
| + | ], | +
| + | "refresh": false | +
| + | } | +