diff --git a/utils/kibana-kippo.conf b/utils/kibana-kippo.conf index 822b487..e23ed52 100644 --- a/utils/kibana-kippo.conf +++ b/utils/kibana-kippo.conf @@ -1,3042 +1,632 @@ - - - - - - - - - - - - - kippo2elasticsearch/Kippo2ElasticSearch.json at master · ikoniaris/kippo2elasticsearch · GitHub - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Skip to content -
- - - - - - - - - - - -
-
-
- -
-
-
- - - -

- - /kippo2elasticsearch - - - - - -

-
-
- -
-
-
- - - -
- - -
-

HTTPS clone URL

-
- - - - -
-
- - -
-

Subversion checkout URL

-
- - - - -
-
- - -

You can clone with - HTTPS - or Subversion. - - - -

- - - - - - Download ZIP - -
-
- -
- - - - - - -
- -
- - - branch: - master - - - -
- -
- - - - -
- -
- kippo2elasticsearch / Kippo2ElasticSearch.json -
-
- - -
-
- Ion - - -
- Kibana exported dashboard -
-
- -
-

- - 1 - contributor - -

- -
- -
- -
-
-
-
- 632 lines (632 sloc) - - 14.312 kb -
-
-
- Raw - Blame - History -
- - - - - - - -
-
- - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{
"title": "Kippo2ElasticSearch",
"services": {
"query": {
"list": {
"0": {
"query": "*",
"alias": "",
"color": "#7EB26D",
"id": 0,
"pin": false,
"type": "lucene",
"enable": true
}
},
"ids": [
0
]
},
"filter": {
"list": {},
"ids": []
}
},
"rows": [
{
"title": "Graph",
"height": "250px",
"editable": true,
"collapse": false,
"collapsable": true,
"panels": [
{
"error": false,
"span": 3,
"editable": true,
"group": [
"default"
],
"type": "terms",
"queries": {
"mode": "all",
"ids": [
0
]
},
"field": "_type",
"exclude": [],
"missing": true,
"other": true,
"size": 10,
"order": "count",
"style": {
"font-size": "10pt"
},
"donut": false,
"tilt": false,
"labels": true,
"arrangement": "horizontal",
"chart": "table",
"counter_pos": "above",
"spyable": true,
"title": "Document Types",
"tmode": "terms",
"tstat": "total",
"valuefield": ""
},
{
"error": false,
"span": 3,
"editable": true,
"type": "terms",
"loadingEditor": false,
"field": "success",
"exclude": [],
"missing": true,
"other": true,
"size": 5,
"order": "count",
"style": {
"font-size": "10pt"
},
"donut": false,
"tilt": false,
"labels": true,
"arrangement": "horizontal",
"chart": "table",
"counter_pos": "above",
"spyable": true,
"queries": {
"mode": "all",
"ids": [
0
]
},
"tmode": "terms",
"tstat": "total",
"valuefield": "",
"title": "Successes"
},
{
"error": false,
"span": 3,
"editable": true,
"type": "terms",
"loadingEditor": false,
"field": "sensor",
"exclude": [],
"missing": false,
"other": false,
"size": 5,
"order": "count",
"style": {
"font-size": "10pt"
},
"donut": false,
"tilt": false,
"labels": true,
"arrangement": "horizontal",
"chart": "table",
"counter_pos": "above",
"spyable": true,
"queries": {
"mode": "all",
"ids": [
0
]
},
"tmode": "terms",
"tstat": "total",
"valuefield": "",
"title": "Sensors"
}
],
"notice": false
},
{
"title": "Histogram",
"height": "300px",
"editable": true,
"collapse": false,
"collapsable": true,
"panels": [
{
"span": 12,
"editable": true,
"type": "histogram",
"loadingEditor": false,
"mode": "count",
"time_field": "timestamp",
"value_field": null,
"x-axis": true,
"y-axis": true,
"scale": 1,
"y_format": "none",
"grid": {
"max": null,
"min": 0
},
"queries": {
"mode": "all",
"ids": [
0
]
},
"annotate": {
"enable": false,
"query": "*",
"size": 20,
"field": "_type",
"sort": [
"_score",
"desc"
]
},
"auto_int": false,
"resolution": 100,
"interval": "1d",
"intervals": [
"auto",
"1s",
"1m",
"5m",
"10m",
"30m",
"1h",
"3h",
"12h",
"1d",
"1w",
"1y"
],
"lines": true,
"fill": 0,
"linewidth": 3,
"points": false,
"pointradius": 5,
"bars": false,
"stack": true,
"spyable": true,
"zoomlinks": true,
"options": true,
"legend": true,
"show_query": true,
"interactive": true,
"legend_counts": true,
"timezone": "browser",
"percentage": false,
"zerofill": true,
"derivative": false,
"tooltip": {
"value_type": "cumulative",
"query_as_alias": true
},
"title": "Histogram",
"scaleSeconds": false
}
],
"notice": false
},
{
"title": "Usernames",
"height": "300px",
"editable": true,
"collapse": false,
"collapsable": true,
"panels": [
{
"error": false,
"span": 6,
"editable": true,
"type": "terms",
"loadingEditor": false,
"field": "username",
"exclude": [],
"missing": false,
"other": false,
"size": 20,
"order": "count",
"style": {
"font-size": "10pt"
},
"donut": false,
"tilt": false,
"labels": true,
"arrangement": "horizontal",
"chart": "bar",
"counter_pos": "above",
"spyable": true,
"queries": {
"mode": "all",
"ids": [
0
]
},
"tmode": "terms",
"tstat": "total",
"valuefield": "",
"title": "Usernames (top 20)"
},
{
"error": false,
"span": 6,
"editable": true,
"type": "terms",
"loadingEditor": false,
"field": "username",
"exclude": [],
"missing": false,
"other": false,
"size": 20,
"order": "count",
"style": {
"font-size": "10pt"
},
"donut": false,
"tilt": false,
"labels": true,
"arrangement": "horizontal",
"chart": "pie",
"counter_pos": "above",
"spyable": true,
"queries": {
"mode": "all",
"ids": [
0
]
},
"tmode": "terms",
"tstat": "total",
"valuefield": "",
"title": "Usernames (top 20)"
}
],
"notice": false
},
{
"title": "Passwords",
"height": "300px",
"editable": true,
"collapse": false,
"collapsable": true,
"panels": [
{
"error": false,
"span": 6,
"editable": true,
"type": "terms",
"loadingEditor": false,
"field": "password",
"exclude": [],
"missing": false,
"other": false,
"size": 20,
"order": "count",
"style": {
"font-size": "10pt"
},
"donut": false,
"tilt": false,
"labels": true,
"arrangement": "horizontal",
"chart": "bar",
"counter_pos": "above",
"spyable": true,
"queries": {
"mode": "all",
"ids": [
0
]
},
"tmode": "terms",
"tstat": "total",
"valuefield": "",
"title": "Passwords (top 20)"
},
{
"error": false,
"span": 6,
"editable": true,
"type": "terms",
"loadingEditor": false,
"field": "password",
"exclude": [],
"missing": false,
"other": false,
"size": 20,
"order": "count",
"style": {
"font-size": "10pt"
},
"donut": false,
"tilt": false,
"labels": true,
"arrangement": "horizontal",
"chart": "pie",
"counter_pos": "above",
"spyable": true,
"queries": {
"mode": "all",
"ids": [
0
]
},
"tmode": "terms",
"tstat": "total",
"valuefield": "",
"title": "Passwords (top 20)"
}
],
"notice": false
},
{
"title": "Clients",
"height": "300px",
"editable": true,
"collapse": false,
"collapsable": true,
"panels": [
{
"error": false,
"span": 6,
"editable": true,
"type": "terms",
"loadingEditor": false,
"field": "client",
"exclude": [],
"missing": false,
"other": false,
"size": 20,
"order": "count",
"style": {
"font-size": "10pt"
},
"donut": false,
"tilt": false,
"labels": true,
"arrangement": "horizontal",
"chart": "bar",
"counter_pos": "above",
"spyable": true,
"queries": {
"mode": "all",
"ids": [
0
]
},
"tmode": "terms",
"tstat": "total",
"valuefield": "",
"title": "SSH clients (top 20)"
},
{
"error": false,
"span": 6,
"editable": true,
"type": "terms",
"loadingEditor": false,
"field": "client",
"exclude": [],
"missing": false,
"other": false,
"size": 20,
"order": "count",
"style": {
"font-size": "10pt"
},
"donut": false,
"tilt": false,
"labels": true,
"arrangement": "horizontal",
"chart": "pie",
"counter_pos": "above",
"spyable": true,
"queries": {
"mode": "all",
"ids": [
0
]
},
"tmode": "terms",
"tstat": "total",
"valuefield": "",
"title": "SSH clients (top 20)"
}
],
"notice": false
},
{
"title": "Maps",
"height": "450px",
"editable": true,
"collapse": false,
"collapsable": true,
"panels": [
{
"error": false,
"span": 8,
"editable": true,
"type": "map",
"loadingEditor": false,
"map": "world",
"colors": [
"#A0E2E2",
"#265656"
],
"size": 100,
"exclude": [],
"spyable": true,
"queries": {
"mode": "all",
"ids": [
0
]
},
"title": "Attack map (world)",
"field": "country_code2"
},
{
"error": false,
"span": 4,
"editable": true,
"type": "map",
"loadingEditor": false,
"map": "europe",
"colors": [
"#A0E2E2",
"#265656"
],
"size": 100,
"exclude": [],
"spyable": true,
"queries": {
"mode": "all",
"ids": [
0
]
},
"title": "Attack map (Europe)",
"field": "country_code2"
}
],
"notice": false
},
{
"title": "Events",
"height": "650px",
"editable": true,
"collapse": false,
"collapsable": true,
"panels": [
{
"error": false,
"span": 12,
"editable": true,
"group": [
"default"
],
"type": "table",
"size": 100,
"pages": 5,
"offset": 0,
"sort": [
"_score",
"desc"
],
"style": {
"font-size": "9pt"
},
"overflow": "min-height",
"fields": [],
"highlight": [],
"sortable": true,
"header": true,
"paging": true,
"spyable": true,
"queries": {
"mode": "all",
"ids": [
0
]
},
"field_list": true,
"status": "Stable",
"trimFactor": 300,
"normTimes": true,
"title": "Documents",
"all_fields": false,
"localTime": false,
"timeField": "@timestamp"
}
],
"notice": false
}
],
"editable": true,
"index": {
"interval": "none",
"pattern": "[logstash-]YYYY.MM.DD",
"default": "_all",
"warm_fields": false
},
"style": "dark",
"failover": false,
"panel_hints": true,
"loader": {
"save_gist": false,
"save_elasticsearch": true,
"save_local": true,
"save_default": true,
"save_temp": true,
"save_temp_ttl_enable": true,
"save_temp_ttl": "30d",
"load_gist": true,
"load_elasticsearch": true,
"load_elasticsearch_size": 20,
"load_local": true,
"hide": false
},
"pulldowns": [
{
"type": "query",
"collapse": false,
"notice": false,
"query": "*",
"pinned": true,
"history": [],
"remember": 10,
"enable": true
},
{
"type": "filtering",
"collapse": false,
"notice": true,
"enable": true
}
],
"nav": [
{
"type": "timepicker",
"collapse": false,
"notice": false,
"status": "Stable",
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
],
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"timefield": "timestamp",
"enable": true
}
],
"refresh": false
}
- -
- -
-
- -Jump to Line - - -
- -
-
-
-
- - -
- -
- -
- - -
-
-
- -
-
-
- - - - - - -
-
- - - -
- - - Something went wrong with that request. Please try again. -
- - - - - - - - - +{ + "title": "Kippo2ElasticSearch", + "services": { + "query": { + "list": { + "0": { + "query": "*", + "alias": "", + "color": "#7EB26D", + "id": 0, + "pin": false, + "type": "lucene", + "enable": true + } + }, + "ids": [ + 0 + ] + }, + "filter": { + "list": {}, + "ids": [] + } + }, + "rows": [ + { + "title": "Graph", + "height": "250px", + "editable": true, + "collapse": false, + "collapsable": true, + "panels": [ + { + "error": false, + "span": 3, + "editable": true, + "group": [ + "default" + ], + "type": "terms", + "queries": { + "mode": "all", + "ids": [ + 0 + ] + }, + "field": "_type", + "exclude": [], + "missing": true, + "other": true, + "size": 10, + "order": "count", + "style": { + "font-size": "10pt" + }, + "donut": false, + "tilt": false, + "labels": true, + "arrangement": "horizontal", + "chart": "table", + "counter_pos": "above", + "spyable": true, + "title": "Document Types", + "tmode": "terms", + "tstat": "total", + "valuefield": "" + }, + { + "error": false, + "span": 3, + "editable": true, + "type": "terms", + "loadingEditor": false, + "field": "success", + "exclude": [], + "missing": true, + "other": true, + "size": 5, + "order": "count", + "style": { + "font-size": "10pt" + }, + "donut": false, + "tilt": false, + "labels": true, + "arrangement": "horizontal", + "chart": "table", + "counter_pos": "above", + "spyable": true, + "queries": { + "mode": "all", + "ids": [ + 0 + ] + }, + "tmode": "terms", + "tstat": "total", + "valuefield": "", + "title": "Successes" + }, + { + "error": false, + "span": 3, + "editable": true, + "type": "terms", + "loadingEditor": false, + "field": "sensor", + "exclude": [], + "missing": false, + "other": false, + "size": 5, + "order": "count", + "style": { + "font-size": "10pt" + }, + "donut": false, + "tilt": false, + "labels": true, + "arrangement": "horizontal", + "chart": "table", + "counter_pos": "above", + "spyable": true, + "queries": { + "mode": "all", + "ids": [ + 0 + ] + }, + "tmode": "terms", + "tstat": "total", + "valuefield": "", + "title": "Sensors" + } + ], + "notice": false + }, + { + "title": "Histogram", + "height": "300px", + "editable": true, + "collapse": false, + "collapsable": true, + "panels": [ + { + "span": 12, + "editable": true, + "type": "histogram", + "loadingEditor": false, + "mode": "count", + "time_field": "timestamp", + "value_field": null, + "x-axis": true, + "y-axis": true, + "scale": 1, + "y_format": "none", + "grid": { + "max": null, + "min": 0 + }, + "queries": { + "mode": "all", + "ids": [ + 0 + ] + }, + "annotate": { + "enable": false, + "query": "*", + "size": 20, + "field": "_type", + "sort": [ + "_score", + "desc" + ] + }, + "auto_int": false, + "resolution": 100, + "interval": "1d", + "intervals": [ + "auto", + "1s", + "1m", + "5m", + "10m", + "30m", + "1h", + "3h", + "12h", + "1d", + "1w", + "1y" + ], + "lines": true, + "fill": 0, + "linewidth": 3, + "points": false, + "pointradius": 5, + "bars": false, + "stack": true, + "spyable": true, + "zoomlinks": true, + "options": true, + "legend": true, + "show_query": true, + "interactive": true, + "legend_counts": true, + "timezone": "browser", + "percentage": false, + "zerofill": true, + "derivative": false, + "tooltip": { + "value_type": "cumulative", + "query_as_alias": true + }, + "title": "Histogram", + "scaleSeconds": false + } + ], + "notice": false + }, + { + "title": "Usernames", + "height": "300px", + "editable": true, + "collapse": false, + "collapsable": true, + "panels": [ + { + "error": false, + "span": 6, + "editable": true, + "type": "terms", + "loadingEditor": false, + "field": "username", + "exclude": [], + "missing": false, + "other": false, + "size": 20, + "order": "count", + "style": { + "font-size": "10pt" + }, + "donut": false, + "tilt": false, + "labels": true, + "arrangement": "horizontal", + "chart": "bar", + "counter_pos": "above", + "spyable": true, + "queries": { + "mode": "all", + "ids": [ + 0 + ] + }, + "tmode": "terms", + "tstat": "total", + "valuefield": "", + "title": "Usernames (top 20)" + }, + { + "error": false, + "span": 6, + "editable": true, + "type": "terms", + "loadingEditor": false, + "field": "username", + "exclude": [], + "missing": false, + "other": false, + "size": 20, + "order": "count", + "style": { + "font-size": "10pt" + }, + "donut": false, + "tilt": false, + "labels": true, + "arrangement": "horizontal", + "chart": "pie", + "counter_pos": "above", + "spyable": true, + "queries": { + "mode": "all", + "ids": [ + 0 + ] + }, + "tmode": "terms", + "tstat": "total", + "valuefield": "", + "title": "Usernames (top 20)" + } + ], + "notice": false + }, + { + "title": "Passwords", + "height": "300px", + "editable": true, + "collapse": false, + "collapsable": true, + "panels": [ + { + "error": false, + "span": 6, + "editable": true, + "type": "terms", + "loadingEditor": false, + "field": "password", + "exclude": [], + "missing": false, + "other": false, + "size": 20, + "order": "count", + "style": { + "font-size": "10pt" + }, + "donut": false, + "tilt": false, + "labels": true, + "arrangement": "horizontal", + "chart": "bar", + "counter_pos": "above", + "spyable": true, + "queries": { + "mode": "all", + "ids": [ + 0 + ] + }, + "tmode": "terms", + "tstat": "total", + "valuefield": "", + "title": "Passwords (top 20)" + }, + { + "error": false, + "span": 6, + "editable": true, + "type": "terms", + "loadingEditor": false, + "field": "password", + "exclude": [], + "missing": false, + "other": false, + "size": 20, + "order": "count", + "style": { + "font-size": "10pt" + }, + "donut": false, + "tilt": false, + "labels": true, + "arrangement": "horizontal", + "chart": "pie", + "counter_pos": "above", + "spyable": true, + "queries": { + "mode": "all", + "ids": [ + 0 + ] + }, + "tmode": "terms", + "tstat": "total", + "valuefield": "", + "title": "Passwords (top 20)" + } + ], + "notice": false + }, + { + "title": "Clients", + "height": "300px", + "editable": true, + "collapse": false, + "collapsable": true, + "panels": [ + { + "error": false, + "span": 6, + "editable": true, + "type": "terms", + "loadingEditor": false, + "field": "client", + "exclude": [], + "missing": false, + "other": false, + "size": 20, + "order": "count", + "style": { + "font-size": "10pt" + }, + "donut": false, + "tilt": false, + "labels": true, + "arrangement": "horizontal", + "chart": "bar", + "counter_pos": "above", + "spyable": true, + "queries": { + "mode": "all", + "ids": [ + 0 + ] + }, + "tmode": "terms", + "tstat": "total", + "valuefield": "", + "title": "SSH clients (top 20)" + }, + { + "error": false, + "span": 6, + "editable": true, + "type": "terms", + "loadingEditor": false, + "field": "client", + "exclude": [], + "missing": false, + "other": false, + "size": 20, + "order": "count", + "style": { + "font-size": "10pt" + }, + "donut": false, + "tilt": false, + "labels": true, + "arrangement": "horizontal", + "chart": "pie", + "counter_pos": "above", + "spyable": true, + "queries": { + "mode": "all", + "ids": [ + 0 + ] + }, + "tmode": "terms", + "tstat": "total", + "valuefield": "", + "title": "SSH clients (top 20)" + } + ], + "notice": false + }, + { + "title": "Maps", + "height": "450px", + "editable": true, + "collapse": false, + "collapsable": true, + "panels": [ + { + "error": false, + "span": 8, + "editable": true, + "type": "map", + "loadingEditor": false, + "map": "world", + "colors": [ + "#A0E2E2", + "#265656" + ], + "size": 100, + "exclude": [], + "spyable": true, + "queries": { + "mode": "all", + "ids": [ + 0 + ] + }, + "title": "Attack map (world)", + "field": "country_code2" + }, + { + "error": false, + "span": 4, + "editable": true, + "type": "map", + "loadingEditor": false, + "map": "europe", + "colors": [ + "#A0E2E2", + "#265656" + ], + "size": 100, + "exclude": [], + "spyable": true, + "queries": { + "mode": "all", + "ids": [ + 0 + ] + }, + "title": "Attack map (Europe)", + "field": "country_code2" + } + ], + "notice": false + }, + { + "title": "Events", + "height": "650px", + "editable": true, + "collapse": false, + "collapsable": true, + "panels": [ + { + "error": false, + "span": 12, + "editable": true, + "group": [ + "default" + ], + "type": "table", + "size": 100, + "pages": 5, + "offset": 0, + "sort": [ + "_score", + "desc" + ], + "style": { + "font-size": "9pt" + }, + "overflow": "min-height", + "fields": [], + "highlight": [], + "sortable": true, + "header": true, + "paging": true, + "spyable": true, + "queries": { + "mode": "all", + "ids": [ + 0 + ] + }, + "field_list": true, + "status": "Stable", + "trimFactor": 300, + "normTimes": true, + "title": "Documents", + "all_fields": false, + "localTime": false, + "timeField": "@timestamp" + } + ], + "notice": false + } + ], + "editable": true, + "index": { + "interval": "none", + "pattern": "[logstash-]YYYY.MM.DD", + "default": "_all", + "warm_fields": false + }, + "style": "dark", + "failover": false, + "panel_hints": true, + "loader": { + "save_gist": false, + "save_elasticsearch": true, + "save_local": true, + "save_default": true, + "save_temp": true, + "save_temp_ttl_enable": true, + "save_temp_ttl": "30d", + "load_gist": true, + "load_elasticsearch": true, + "load_elasticsearch_size": 20, + "load_local": true, + "hide": false + }, + "pulldowns": [ + { + "type": "query", + "collapse": false, + "notice": false, + "query": "*", + "pinned": true, + "history": [], + "remember": 10, + "enable": true + }, + { + "type": "filtering", + "collapse": false, + "notice": true, + "enable": true + } + ], + "nav": [ + { + "type": "timepicker", + "collapse": false, + "notice": false, + "status": "Stable", + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ], + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "timefield": "timestamp", + "enable": true + } + ], + "refresh": false +}