{"attributes":{"fieldAttrs":"{\"destination.ip\":{\"count\":4},\"destination.port\":{\"count\":2},\"rule.name\":{\"count\":1},\"source.ip\":{\"count\":4},\"source.port\":{\"count\":2},\"url.domain\":{\"count\":2},\"url.path\":{\"count\":1},\"dns.answers.data\":{\"count\":2},\"dns.header_flags\":{\"count\":2},\"dns.question.name\":{\"count\":2},\"dns.question.type\":{\"count\":2},\"dns.resolved_ip\":{\"count\":2},\"dns.response_code\":{\"count\":2},\"file.hash.md5\":{\"count\":2},\"file.mime_type\":{\"count\":2},\"file.size\":{\"count\":2},\"server.ip\":{\"count\":2},\"zeek.session_id\":{\"count\":2},\"http.request.method\":{\"count\":1},\"http.response.status_code\":{\"count\":1},\"url.original\":{\"count\":1},\"zeek.ssl.server.name\":{\"count\":2},\"agent.hostname\":{\"count\":1},\"host.name\":{\"count\":1},\"related.hosts\":{\"count\":1},\"suricata.eve.http.hostname\":{\"count\":1}}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"event.ingested","title":"file*"},"coreMigrationVersion":"7.17.3","id":"6e2380e0-db71-11eb-8d71-e148878ab61e","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1626164062269,30],"type":"index-pattern","updated_at":"2021-07-13T08:14:22.269Z","version":"Wzc1MywyXQ=="}
{"attributes":{"columns":["source.ip","destination.ip","dns.answers.data","dns.header_flags","dns.question.name","dns.question.type","dns.resolved_ip","dns.response_code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:\\\"zeek.dns\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Zeek DNS","version":1},"coreMigrationVersion":"7.17.3","id":"08f718d0-de55-11eb-91df-03f2eafd6e4e","migrationVersion":{"search":"7.9.3"},"references":[{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1626163316662,18],"type":"search","updated_at":"2021-07-13T08:01:56.662Z","version":"WzczNywyXQ=="}
{"attributes":{"columns":["source.ip","source.port","destination.ip","destination.port","url.domain","url.path","rule.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"suricata.eve.event_type : \\\"alert\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Suricata Alert Logs","version":1},"coreMigrationVersion":"7.17.3","id":"a960aa40-ddd1-11eb-a3fd-31e52f3ab3dc","migrationVersion":{"search":"7.9.3"},"references":[{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1626163316662,14],"type":"search","updated_at":"2021-07-13T08:01:56.662Z","version":"WzczNSwyXQ=="}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.17.3\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":12,\"i\":\"a4fd82d0-9922-4e1f-953e-ea1fd010d5e9\"},\"panelIndex\":\"a4fd82d0-9922-4e1f-953e-ea1fd010d5e9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"ef9096de-67c0-4395-9544-99a7c6b5e2de\":{\"columns\":{\"5f412bcc-8df9-4d88-8958-c2cdf0683945\":{\"label\":\"event.ingested\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"event.ingested\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"24b37f27-4d2d-48d7-9120-2278a1b2a8f5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"},\"de76ac65-583b-4e84-ba7f-dace42856033\":{\"label\":\"Top values of 
suricata.eve.event_type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"suricata.eve.event_type\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"24b37f27-4d2d-48d7-9120-2278a1b2a8f5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}}},\"columnOrder\":[\"de76ac65-583b-4e84-ba7f-dace42856033\",\"5f412bcc-8df9-4d88-8958-c2cdf0683945\",\"24b37f27-4d2d-48d7-9120-2278a1b2a8f5\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"ef9096de-67c0-4395-9544-99a7c6b5e2de\",\"accessors\":[\"24b37f27-4d2d-48d7-9120-2278a1b2a8f5\",\"c427f770-6be5-48a3-95ba-f3f24c159b7f\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"5f412bcc-8df9-4d88-8958-c2cdf0683945\",\"splitAccessor\":\"de76ac65-583b-4e84-ba7f-dace42856033\"}]},\"query\":{\"query\":\"tags : \\\"suricata\\\" \",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"6e2380e0-db71-11eb-8d71-e148878ab61e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"6e2380e0-db71-11eb-8d71-e148878ab61e\",\"name\":\"indexpattern-datasource-layer-ef9096de-67c0-4395-9544-99a7c6b5e2de\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Activity 
[Suricata]\"},{\"version\":\"7.17.3\",\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":12,\"w\":20,\"h\":12,\"i\":\"c3c05ad5-c3f6-440c-b8db-bcbcedd76222\"},\"panelIndex\":\"c3c05ad5-c3f6-440c-b8db-bcbcedd76222\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"f7695882-226f-4137-b8c6-6f9fd30787b5\":{\"columns\":{\"e343791f-38f6-4b51-916c-68e29da0d24c\":{\"label\":\"Top values of destination.geo.country_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dc49ef9c-fe96-428e-95be-728bea9f8187\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"dc49ef9c-fe96-428e-95be-728bea9f8187\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"e343791f-38f6-4b51-916c-68e29da0d24c\",\"dc49ef9c-fe96-428e-95be-728bea9f8187\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"treemap\",\"layers\":[{\"layerId\":\"f7695882-226f-4137-b8c6-6f9fd30787b5\",\"groups\":[\"e343791f-38f6-4b51-916c-68e29da0d24c\",\"e343791f-38f6-4b51-916c-68e29da0d24c\",\"e343791f-38f6-4b51-916c-68e29da0d24c\",\"e343791f-38f6-4b51-916c-68e29da0d24c\",\"e343791f-38f6-4b51-916c-68e29da0d24c\",\"e343791f-38f6-4b51-916c-68e29da0d24c\",\"e343791f-38f6-4b51-916c-68e29da0d24c\",\"e343791f-38f6-4b51-916c-68e29da0d24c\",\"e343791f-38f6-4b51-916c-68e29da0d24c\",\"e343791f-38f6-4b51-916c-68e29da0d24c\",\"e343791f-38f6-4b51-916c-68e29da0d24c\"],\"metric\":\"dc49ef9c-fe96-428e-95be-728bea9f8187\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"refere
nces\":[{\"type\":\"index-pattern\",\"id\":\"6e2380e0-db71-11eb-8d71-e148878ab61e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"6e2380e0-db71-11eb-8d71-e148878ab61e\",\"name\":\"indexpattern-datasource-layer-f7695882-226f-4137-b8c6-6f9fd30787b5\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top Destination Countries\"},{\"version\":\"7.17.3\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":12,\"w\":14,\"h\":12,\"i\":\"ff8787ba-07db-443a-bc7d-5d162e0ec607\"},\"panelIndex\":\"ff8787ba-07db-443a-bc7d-5d162e0ec607\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Event Type [Suricata]\",\"description\":\"Donut visualization of Suricata Event Type\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"21d70ffe-1f78-47ba-a9e1-f359138b73a5\":{\"columns\":{\"ee62154a-1cba-4f3c-9e30-d0d37219b849\":{\"label\":\"Top values of suricata.eve.event_type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"suricata.eve.event_type\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"cf8ebe43-ad71-4c8b-ac9f-5a831b30f6d4\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"cf8ebe43-ad71-4c8b-ac9f-5a831b30f6d4\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"ee62154a-1cba-4f3c-9e30-d0d37219b849\",\"cf8ebe43-ad71-4c8b-ac9f-5a831b30f6d4\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"21d70ffe-1f78-47ba-a9e1-f359138b73a5\",\"groups\":[\"ee62154a-1cba-4f3c-9e30-d0d37219b849\"],\"metric\":\"cf8ebe43-ad71-4c8b-ac9f-5a831b30f6d4\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"6e2380e0-db71-11eb-8d71-e148878ab61e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"6e2380e0-db71-11eb-8d71-e148878ab61e\",\"name\":\"indexpattern-datasource-layer-21d70ffe-1f78-47ba-a9e1-f359138b73a5\"}]},\"enhancements\":{}}},{\"version\":\"7.17.3\",\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":12,\"w\":14,\"h\":12,\"i\":\"a27d55b5-82aa-499a-a8ef-3b7a29604da0\"},\"panelIndex\":\"a27d55b5-82aa-499a-a8ef-3b7a29604da0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"ff021ce4-d5fc-47dc-bb66-52005b06e8da\":{\"columns\":{\"812a17c5-0d99-47c0-b084-3a1b037fb127\":{\"label\":\"Top values of network.transport\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.transport\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"15601283-67fc-4271-ae96-1314651feda4\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"15601283-67fc-4271-ae96-1314651feda4\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"812a17c5-0d99-47c0-b084-3a1b037fb127\",\"15601283-67fc-4271-ae96-1314651feda4\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"ff021ce4-d5fc-47dc-bb66-52005b06e8da\",\"groups\":[\"812a17c5-0d99-47c0-b084-3a1b037fb127\"],\"metric\":\"15601283-67fc-4271-ae96-1314651feda4\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"6e2380e0-db71-11eb-8d71-e148878ab61e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"6e2380e0-db71-11eb-8d71-e148878ab61e\",\"name\":\"indexpattern-datasource-layer-ff021ce4-d5fc-47dc-bb66-52005b06e8da\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top Network Transports\"},{\"version\":\"7.17.3\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":24,\"w\":48,\"h\":12,\"i\":\"a8052516-13e7-436a-8a17-87957f3ee534\"},\"panelIndex\":\"a8052516-13e7-436a-8a17-87957f3ee534\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a8052516-13e7-436a-8a17-87957f3ee534\"}]","timeRestore":false,"title":"Suricata 
Dashboard","version":1},"coreMigrationVersion":"7.17.3","id":"1fc2efe0-e01b-11eb-92e6-03b94d9b5aa3","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"a4fd82d0-9922-4e1f-953e-ea1fd010d5e9:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"a4fd82d0-9922-4e1f-953e-ea1fd010d5e9:indexpattern-datasource-layer-ef9096de-67c0-4395-9544-99a7c6b5e2de","type":"index-pattern"},{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"c3c05ad5-c3f6-440c-b8db-bcbcedd76222:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"c3c05ad5-c3f6-440c-b8db-bcbcedd76222:indexpattern-datasource-layer-f7695882-226f-4137-b8c6-6f9fd30787b5","type":"index-pattern"},{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"ff8787ba-07db-443a-bc7d-5d162e0ec607:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"ff8787ba-07db-443a-bc7d-5d162e0ec607:indexpattern-datasource-layer-21d70ffe-1f78-47ba-a9e1-f359138b73a5","type":"index-pattern"},{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"a27d55b5-82aa-499a-a8ef-3b7a29604da0:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"a27d55b5-82aa-499a-a8ef-3b7a29604da0:indexpattern-datasource-layer-ff021ce4-d5fc-47dc-bb66-52005b06e8da","type":"index-pattern"},{"id":"a960aa40-ddd1-11eb-a3fd-31e52f3ab3dc","name":"a8052516-13e7-436a-8a17-87957f3ee534:panel_a8052516-13e7-436a-8a17-87957f3ee534","type":"search"},{"id":"1824dd20-e01b-11eb-92e6-03b94d9b5aa3","name":"tag-1824dd20-e01b-11eb-92e6-03b94d9b5aa3","type":"tag"}],"sort":[1626168286207,128],"type":"dashboard","updated_at":"2021-07-13T09:24:46.207Z","version":"WzgzNCwyXQ=="}
{"attributes":{"columns":["server.ip","file.hash.md5","file.mime_type","file.size","zeek.session_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:\\\"zeek.files\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Zeek Files","version":1},"coreMigrationVersion":"7.17.3","id":"3c7d0450-de53-11eb-91df-03f2eafd6e4e","migrationVersion":{"search":"7.9.3"},"references":[{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1626163316662,20],"type":"search","updated_at":"2021-07-13T08:01:56.662Z","version":"WzczOCwyXQ=="}
{"attributes":{"fieldAttrs":"{}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":"filebeat-*"},"coreMigrationVersion":"7.17.3","id":"5b4ca870-db71-11eb-8d71-e148878ab61e","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1626163316662,8],"type":"index-pattern","updated_at":"2021-07-13T08:01:56.662Z","version":"WzczMSwyXQ=="}
{"attributes":{"buildNum":40943,"defaultIndex":"6e2380e0-db71-11eb-8d71-e148878ab61e"},"coreMigrationVersion":"7.17.3","id":"7.17.3","migrationVersion":{"config":"7.13.0"},"references":[],"sort":[1626163488230,21],"type":"config","updated_at":"2021-07-13T08:04:48.230Z","version":"WzczOSwyXQ=="}
{"attributes":{"fieldAttrs":"{\"winlog.System.EventID.#text\":{\"count\":3},\"winlog.System.Task\":{\"count\":1},\"winlog.event_data.@Name\":{\"count\":1},\"winlog.event_data.CommandLine\":{\"count\":9},\"winlog.event_data.Image\":{\"count\":3},\"winlog.event_data.IntegrityLevel\":{\"count\":3},\"winlog.event_data.ParentImage\":{\"count\":7},\"winlog.event_data.User\":{\"count\":7},\"winlog.event_data.AccountName\":{\"count\":2},\"winlog.event_data.ImagePath\":{\"count\":2},\"winlog.event_data.ParentCommandLine\":{\"count\":4},\"winlog.event_data.Payload\":{\"count\":3},\"winlog.event_data.ServiceName\":{\"count\":2},\"winlog.event_data.TargetFilename\":{\"count\":3},\"winlog.event_data.TaskName\":{\"count\":2},\"winlog.System.Provider.@Name\":{\"count\":1},\"winlog.event_data.DestinationHostname\":{\"count\":2},\"winlog.event_data.DestinationIp\":{\"count\":2},\"winlog.event_data.DestinationPort\":{\"count\":2},\"winlog.event_data.EventType\":{\"count\":1},\"winlog.event_data.TargetObject\":{\"count\":1}}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":"winlogbeat*"},"coreMigrationVersion":"7.17.3","id":"a6de76c0-ddd2-11eb-a3fd-31e52f3ab3dc","migrationVersion":{"index-pattern":"7.11.0"},"references":[],"sort":[1626174634830,234],"type":"index-pattern","updated_at":"2021-07-13T11:10:34.830Z","version":"WzExMjUsMl0="}
{"attributes":{"columns":["winlog.System.EventID.#text","winlog.event_data.Payload"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Winevent ModuleLogging Powershell","version":1},"coreMigrationVersion":"7.17.3","id":"7d9129e0-e3c5-11eb-91c7-e16bfd6330cb","migrationVersion":{"search":"7.9.3"},"references":[{"id":"a6de76c0-ddd2-11eb-a3fd-31e52f3ab3dc","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1626172291966,141],"type":"search","updated_at":"2021-07-13T10:31:31.966Z","version":"Wzg3MiwyXQ=="}
{"attributes":{"columns":["winlog.System.EventID.#text","winlog.event_data.ParentImage","winlog.event_data.Image","winlog.event_data.CommandLine","winlog.event_data.User","winlog.event_data.IntegrityLevel"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Winevent Commandline","version":1},"coreMigrationVersion":"7.17.3","id":"82e38490-e228-11eb-8e25-1b39fb7248ec","migrationVersion":{"search":"7.9.3"},"references":[{"id":"a6de76c0-ddd2-11eb-a3fd-31e52f3ab3dc","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1626163316662,10],"type":"search","updated_at":"2021-07-13T08:01:56.662Z","version":"WzczMywyXQ=="}
{"attributes":{"columns":["winlog.System.EventID.#text","winlog.event_data.ParentImage","winlog.event_data.CommandLine","winlog.event_data.User","winlog.event_data.TargetObject","winlog.event_data.EventType"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Winevent Regmod","version":1},"coreMigrationVersion":"7.17.3","id":"89c43bd0-e3ca-11eb-91c7-e16bfd6330cb","migrationVersion":{"search":"7.9.3"},"references":[{"id":"a6de76c0-ddd2-11eb-a3fd-31e52f3ab3dc","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1626174459917,180],"type":"search","updated_at":"2021-07-13T11:07:39.917Z","version":"WzEwNzQsMl0="}
{"attributes":{"columns":["source.ip","source.port","destination.ip","destination.port","zeek.ssl.server.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags:\\\"zeek.ssl\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Zeek SSL","version":1},"coreMigrationVersion":"7.17.3","id":"8e6285e0-de55-11eb-91df-03f2eafd6e4e","migrationVersion":{"search":"7.9.3"},"references":[{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1626163316662,12],"type":"search","updated_at":"2021-07-13T08:01:56.662Z","version":"WzczNCwyXQ=="}
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.17.3\",\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":18,\"i\":\"f9ce358a-4ff1-4cbf-a81b-f18410e7616e\"},\"panelIndex\":\"f9ce358a-4ff1-4cbf-a81b-f18410e7616e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"layerListJSON\":\"[{\\\"sourceDescriptor\\\":{\\\"type\\\":\\\"EMS_TMS\\\",\\\"isAutoSelect\\\":true},\\\"id\\\":\\\"8db24f20-1376-4c43-8be5-bfa8069e76ff\\\",\\\"label\\\":null,\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":1,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"TILE\\\"},\\\"type\\\":\\\"VECTOR_TILE\\\"},{\\\"sourceDescriptor\\\":{\\\"indexPatternId\\\":\\\"6e2380e0-db71-11eb-8d71-e148878ab61e\\\",\\\"geoField\\\":\\\"destination.geo.location\\\",\\\"filterByMapBounds\\\":true,\\\"scalingType\\\":\\\"CLUSTERS\\\",\\\"id\\\":\\\"63911644-b0b8-40b4-8d2e-36752ae2f7dd\\\",\\\"type\\\":\\\"ES_SEARCH\\\",\\\"applyGlobalQuery\\\":true,\\\"applyGlobalTime\\\":true,\\\"tooltipProperties\\\":[],\\\"sortField\\\":\\\"\\\",\\\"sortOrder\\\":\\\"desc\\\",\\\"topHitsSplitField\\\":\\\"\\\",\\\"topHitsSize\\\":1},\\\"id\\\":\\\"2c3e983b-4299-434a-8326-e199c549e5ef\\\",\\\"label\\\":\\\"Destination 
Geo\\\",\\\"minZoom\\\":0,\\\"maxZoom\\\":24,\\\"alpha\\\":0.75,\\\"visible\\\":true,\\\"style\\\":{\\\"type\\\":\\\"VECTOR\\\",\\\"properties\\\":{\\\"icon\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"marker\\\"}},\\\"fillColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#54B399\\\"}},\\\"lineColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#41937c\\\"}},\\\"lineWidth\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":1}},\\\"iconSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":6}},\\\"iconOrientation\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"orientation\\\":0}},\\\"labelText\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"value\\\":\\\"\\\"}},\\\"labelColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#000000\\\"}},\\\"labelSize\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"size\\\":14}},\\\"labelBorderColor\\\":{\\\"type\\\":\\\"STATIC\\\",\\\"options\\\":{\\\"color\\\":\\\"#FFFFFF\\\"}},\\\"symbolizeAs\\\":{\\\"options\\\":{\\\"value\\\":\\\"circle\\\"}},\\\"labelBorderSize\\\":{\\\"options\\\":{\\\"size\\\":\\\"SMALL\\\"}}},\\\"isTimeAware\\\":true},\\\"type\\\":\\\"BLENDED_VECTOR\\\",\\\"joins\\\":[]}]\",\"mapStateJSON\":\"{\\\"zoom\\\":1.29,\\\"center\\\":{\\\"lon\\\":0,\\\"lat\\\":19.94277},\\\"timeFilters\\\":{\\\"from\\\":\\\"now-24h\\\",\\\"to\\\":\\\"now\\\"},\\\"refreshConfig\\\":{\\\"isPaused\\\":true,\\\"interval\\\":0},\\\"query\\\":{\\\"query\\\":\\\"\\\",\\\"language\\\":\\\"kuery\\\"},\\\"filters\\\":[],\\\"settings\\\":{\\\"autoFitToDataBounds\\\":false,\\\"backgroundColor\\\":\\\"#ffffff\\\",\\\"disableInteractive\\\":false,\\\"disableTooltipControl\\\":false,\\\"hideToolbarOverlay\\\":false,\\\"hideLayerControl\\\":false,\\\"hideViewControl\\\":false,\\\"initialLocation\\\":\\\"LAST_SAVED_LOCATION\\\",\\\"fixedLocation\\\":{\\\"lat\\\":0,\\\"lon\\\":0,\\\"zoom\\\":2},\\\"browserLocation\\\":{\\\
"zoom\\\":2},\\\"maxZoom\\\":24,\\\"minZoom\\\":0,\\\"showScaleControl\\\":false,\\\"showSpatialFilters\\\":true,\\\"spatialFiltersAlpa\\\":0.3,\\\"spatialFiltersFillColor\\\":\\\"#DA8B45\\\",\\\"spatialFiltersLineColor\\\":\\\"#DA8B45\\\"}}\",\"uiStateJSON\":\"{\\\"isLayerTOCOpen\\\":true,\\\"openTOCDetails\\\":[]}\"},\"mapCenter\":{\"lat\":19.94277,\"lon\":0,\"zoom\":1.29},\"mapBuffer\":{\"minLon\":-462.94534,\"minLat\":-96.783325,\"maxLon\":462.94534,\"maxLat\":119.82757500000001},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination Geo [Zeek]\"},{\"version\":\"7.17.3\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":18,\"w\":15,\"h\":14,\"i\":\"a818d8dc-d56e-4178-b836-82faa7bee6bf\"},\"panelIndex\":\"a818d8dc-d56e-4178-b836-82faa7bee6bf\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"d1b67913-dd92-45c3-a541-293d22b21d1f\":{\"columns\":{\"f887edfe-0707-4368-a80a-135ebd7a1f62\":{\"label\":\"Top values of network.transport\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.transport\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ccc2275e-7fcb-494b-9f22-aec8ee9339ff\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"ccc2275e-7fcb-494b-9f22-aec8ee9339ff\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"f887edfe-0707-4368-a80a-135ebd7a1f62\",\"ccc2275e-7fcb-494b-9f22-aec8ee9339ff\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"d1b67913-dd92-45c3-a541-293d22b21d1f\",\"groups\":[\"f887edfe-0707-4368-a80a-135ebd7a1f62\"],\"metric\":\"ccc2275e-7fcb-494b-9f22-aec8ee9339ff\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false}]},\"query\":{\"query\":\"not tags : \\\"suricata\\\" \",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"6e2380e0-db71-11eb-8d71-e148878ab61e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"6e2380e0-db71-11eb-8d71-e148878ab61e\",\"name\":\"indexpattern-datasource-layer-d1b67913-dd92-45c3-a541-293d22b21d1f\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Network Transport [Zeek]\"},{\"version\":\"7.17.3\",\"type\":\"lens\",\"gridData\":{\"x\":15,\"y\":18,\"w\":15,\"h\":14,\"i\":\"a54db762-ed95-42db-ab3c-bed22338b3d5\"},\"panelIndex\":\"a54db762-ed95-42db-ab3c-bed22338b3d5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"40380c0f-cd82-4d1a-91aa-03752cd19728\":{\"columns\":{\"74f50c3d-c5fe-4f78-b3ea-dda624412d40\":{\"label\":\"Top values of network.direction\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.direction\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"968de280-159e-4bb5-b37c-7f98a012b61f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"968de280-159e-4bb5-b37c-7f98a012b61f\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"74f50c3d-c5fe-4f78-b3ea-dda624412d40\",\"968de280-159e-4bb5-b37c-7f98a012b61f\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"40380c0f-cd82-4d1a-91aa-03752cd19728\",\"groups\":[\"74f50c3d-c5fe-4f78-b3ea-dda624412d40\"],\"metric\":\"968de280-159e-4bb5-b37c-7f98a012b61f\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false}]},\"query\":{\"query\":\"not tags:\\\"suricata\\\" \",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"6e2380e0-db71-11eb-8d71-e148878ab61e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"6e2380e0-db71-11eb-8d71-e148878ab61e\",\"name\":\"indexpattern-datasource-layer-40380c0f-cd82-4d1a-91aa-03752cd19728\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Network Direction [Zeek]\"},{\"version\":\"7.17.3\",\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":18,\"w\":18,\"h\":14,\"i\":\"d40a65aa-920c-4896-9f64-70e66fed6e70\"},\"panelIndex\":\"d40a65aa-920c-4896-9f64-70e66fed6e70\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsPie\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"7bf7d6ca-6c06-4695-832e-7085d9327564\":{\"columns\":{\"2614c284-d4cf-4c33-8c16-b9c62b525f9f\":{\"label\":\"Top values of zeek.dns.query\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"zeek.dns.query\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f0bcc01b-8506-49a1-9b5f-47a02f872a60\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false}},\"f0bcc01b-8506-49a1-9b5f-47a02f872a60\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"2614c284-d4cf-4c33-8c16-b9c62b525f9f\",\"f0bcc01b-8506-49a1-9b5f-47a02f872a60\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"7bf7d6ca-6c06-4695-832e-7085d9327564\",\"groups\":[\"2614c284-d4cf-4c33-8c16-b9c62b525f9f\"],\"metric\":\"f0bcc01b-8506-49a1-9b5f-47a02f872a60\",\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"percentDecimals\":2}]},\"query\":{\"query\":\"not tags:\\\"suricata\\\" \",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"6e2380e0-db71-11eb-8d71-e148878ab61e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"6e2380e0-db71-11eb-8d71-e148878ab61e\",\"name\":\"indexpattern-datasource-layer-7bf7d6ca-6c06-4695-832e-7085d9327564\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top DNS Query [Zeek]\"},{\"version\":\"7.17.3\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":32,\"w\":48,\"h\":11,\"i\":\"aa8ac499-19e0-4664-8944-16af561e1787\"},\"panelIndex\":\"aa8ac499-19e0-4664-8944-16af561e1787\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"type\":\"lens\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"indexpattern\":{\"layers\":{\"9eca674b-afdc-48cb-abd4-e463196ee1a6\":{\"columns\":{\"97841f23-62dd-41b5-a463-6e5dcdde9646\":{\"label\":\"event.ingested\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"event.ingested\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\"}},\"dbe4631d-e457-4328-a510-fbd6776c725b\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"Records\"}},\"columnOrder\":[\"97841f23-62dd-41b5-a463-6e5dcdde9646\",\"dbe4631d-e457-4328-a510-fbd6776c725b\"],\"incompleteColumns\":{}}}}},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"9eca674b-afdc-48cb-abd4-e463196ee1a6\",\"accessors\":[\"dbe4631d-e457-4328-a510-fbd6776c725b\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"97841f23-62dd-41b5-a463-6e5dcdde9646\"}]},\"query\":{\"query\":\"not tags:\\\"suricata\\\" \",\"language\":\"kuery\"},\"filters\":[]},\"references\":[{\"type\":\"index-pattern\",\"id\":\"6e2380e0-db71-11eb-8d71-e148878ab61e\",\"name\":\"indexpattern-datasource-current-indexpattern\"},{\"type\":\"index-pattern\",\"id\":\"6e2380e0-db71-11eb-8d71-e148878ab61e\",\"name\":\"indexpattern-datasource-layer-9eca674b-afdc-48cb-abd4-e463196ee1a6\"}]},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Time Series Count [Zeek]\"}]","timeRestore":false,"title":"Zeek 
Dashboard","version":1},"coreMigrationVersion":"7.17.3","id":"a7ef5660-e3b8-11eb-b46d-7d34167de550","migrationVersion":{"dashboard":"7.13.1"},"references":[{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"f9ce358a-4ff1-4cbf-a81b-f18410e7616e:layer_1_source_index_pattern","type":"index-pattern"},{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"a818d8dc-d56e-4178-b836-82faa7bee6bf:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"a818d8dc-d56e-4178-b836-82faa7bee6bf:indexpattern-datasource-layer-d1b67913-dd92-45c3-a541-293d22b21d1f","type":"index-pattern"},{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"a54db762-ed95-42db-ab3c-bed22338b3d5:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"a54db762-ed95-42db-ab3c-bed22338b3d5:indexpattern-datasource-layer-40380c0f-cd82-4d1a-91aa-03752cd19728","type":"index-pattern"},{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"d40a65aa-920c-4896-9f64-70e66fed6e70:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"d40a65aa-920c-4896-9f64-70e66fed6e70:indexpattern-datasource-layer-7bf7d6ca-6c06-4695-832e-7085d9327564","type":"index-pattern"},{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"aa8ac499-19e0-4664-8944-16af561e1787:indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"aa8ac499-19e0-4664-8944-16af561e1787:indexpattern-datasource-layer-9eca674b-afdc-48cb-abd4-e463196ee1a6","type":"index-pattern"}],"sort":[1626166779590,81],"type":"dashboard","updated_at":"2021-07-13T08:59:39.590Z","version":"Wzc5NywyXQ=="}
{"attributes":{"columns":["winlog.System.EventID.#text","winlog.event_data.ServiceName","winlog.event_data.ImagePath","winlog.event_data.ParentCommandLine","winlog.event_data.CommandLine","winlog.event_data.AccountName"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Winevent Services","version":1},"coreMigrationVersion":"7.17.3","id":"b0c66080-e3c7-11eb-91c7-e16bfd6330cb","migrationVersion":{"search":"7.9.3"},"references":[{"id":"a6de76c0-ddd2-11eb-a3fd-31e52f3ab3dc","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1626173236872,147],"type":"search","updated_at":"2021-07-13T10:47:16.872Z","version":"Wzk2MCwyXQ=="}
{"attributes":{"columns":["winlog.System.EventID.#text","winlog.event_data.ParentImage","winlog.event_data.CommandLine","winlog.event_data.User","winlog.event_data.DestinationIp","winlog.event_data.DestinationHostname","winlog.event_data.DestinationPort"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Winevent Netconn","version":1},"coreMigrationVersion":"7.17.3","id":"cd15d0b0-e3ca-11eb-91c7-e16bfd6330cb","migrationVersion":{"search":"7.9.3"},"references":[{"id":"a6de76c0-ddd2-11eb-a3fd-31e52f3ab3dc","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1626174572859,203],"type":"search","updated_at":"2021-07-13T11:09:32.859Z","version":"WzExMDEsMl0="}
{"attributes":{"columns":["winlog.System.EventID.#text","winlog.event_data.ParentImage","winlog.event_data.CommandLine","winlog.event_data.User","winlog.event_data.TargetFilename"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Winevent Filemod","version":1},"coreMigrationVersion":"7.17.3","id":"e0f7c9d0-e3c5-11eb-91c7-e16bfd6330cb","migrationVersion":{"search":"7.9.3"},"references":[{"id":"a6de76c0-ddd2-11eb-a3fd-31e52f3ab3dc","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1626172458733,143],"type":"search","updated_at":"2021-07-13T10:34:18.733Z","version":"Wzg5OSwyXQ=="}
{"attributes":{"columns":["source.ip","source.port","destination.ip","destination.port","http.request.method","http.response.status_code","url.domain","url.original"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"tags: \\\"zeek.http\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Zeek HTTP","version":1},"coreMigrationVersion":"7.17.3","id":"fc0f4e20-de55-11eb-91df-03f2eafd6e4e","migrationVersion":{"search":"7.9.3"},"references":[{"id":"6e2380e0-db71-11eb-8d71-e148878ab61e","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1626163316662,16],"type":"search","updated_at":"2021-07-13T08:01:56.662Z","version":"WzczNiwyXQ=="}
{"exportedCount":17,"missingRefCount":1,"missingReferences":[{"id":"1824dd20-e01b-11eb-92e6-03b94d9b5aa3","type":"tag"}]}